129 matches found
CVE-2025-66035 Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential...
CVE-2025-66035
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential...
CVE-2025-66035
CVE-2025-66035 affects Angular's HttpClient, allowing XSRF token leakage via protocol-relative URLs (//) that are treated as same-origin, so the token is sent in the X-XSRF-TOKEN header to whatever host the URL actually resolves to. The impact is described as credential leakage through app logic, enabling unauthorized CSRF token disclosure to attack...
PT-2025-48196
Name of the Vulnerable Software and Affected Versions: Angular versions prior to 19.2.16; Angular versions prior to 20.3.14; Angular versions prior to 21.0.1. Description: Angular's HttpClient has a built-in Cross-Site Request Forgery (XSRF) protection mechanism. When handling requests with...
EUVD-2021-1397
Malware in sbrugna...
EUVD-2018-16898
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-17670
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - WordPress before 5.2.4 has a Server-Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs...
Astro allows unauthorized third-party images in _image endpoint
Summary: In affected versions of Astro, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. Details: On-demand rendered sites built with Astro include a /_image endpoint which returns optimized versions of...
GHSA-XF8X-J4P2-F749 Astro allows unauthorized third-party images in _image endpoint
Summary: In affected versions of Astro, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. Details: On-demand rendered sites built with Astro include a /_image endpoint which returns optimized versions of...
Security Bulletin: The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios, affects watsonx.data
Summary: axios is a promise-based HTTP client for the browser and Node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This...
Security Bulletin: Vulnerability in Axios affects IBM watsonx.data
Summary: Axios is vulnerable to server-side request forgery, caused by a flaw in which requests for path-relative URLs are processed as protocol-relative URLs. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack. This can affect watsonx.data...
SUSE CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs...
CVE-2024-39338
A vulnerability was found in the Axios HTTP client. It is vulnerable to a server-side request forgery (SSRF) attack caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server...
GHSA-8HC4-VH64-CXMJ Server-Side Request Forgery in axios
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs...
CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs...
UBUNTU-CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs...
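The Angular entries above (a same-origin check that lets `//host/...` through) and the axios entries (a path that the caller believed was path-relative being sent to another host) are two faces of the same URL-classification mistake. The following is an added example, not code from Angular, axios or any advisory listed here; the origin `https://app.example`, the host `evil.example`, the sample URLs and the function names are all constructed for illustration. It contrasts a scheme-prefix test of the shape the Angular advisory describes with a check that resolves the URL using the WHATWG parser (the global `URL` in Node and browsers) and compares origins, and applies the same resolution to the server-side "join a path onto a trusted base" case.

```javascript
// Added example, not code from Angular, axios or any advisory on this page.
// Assumed application origin (constructed for this example).
const APP_ORIGIN = 'https://app.example';

// Naive check of the shape the Angular advisory describes: any URL that does
// not start with an explicit http(s) scheme is treated as same-origin, so
// "//evil.example/api" would receive the X-XSRF-TOKEN header.
function naiveIsSameOrigin(url) {
  const lc = url.toLowerCase();
  return !(lc.startsWith('http://') || lc.startsWith('https://'));
}

// Hardened check: resolve the request URL against the app origin and compare
// origins. Protocol-relative ("//host"), backslash ("\\host", which the WHATWG
// parser treats like "//host" for http(s) bases), scheme-downgrade and
// explicit-scheme forms all resolve to a foreign origin; unparseable input is
// treated as foreign so no credential is ever attached by accident.
function isSameOrigin(url, base = APP_ORIGIN) {
  let resolved;
  try {
    resolved = new URL(url, base);
  } catch {
    return false;
  }
  return resolved.origin === new URL(base).origin;
}

// Token-attachment policy: safe methods carry no token; unsafe methods get one
// only when the target is same-origin according to the supplied check.
function shouldAttachXsrfToken(method, url, check = isSameOrigin) {
  const m = method.toUpperCase();
  if (m === 'GET' || m === 'HEAD') return false;
  return check(url);
}

// Server-side counterpart (the axios-style failure): joining a caller-supplied
// path onto a trusted base URL. Plain string concatenation or a "starts with /"
// test would let "//evil.example/x" become a request to evil.example; resolving
// with the parser and re-checking the origin rejects any path that escapes the
// base host.
function resolveOnBase(base, path) {
  const target = new URL(path, base);
  if (target.origin !== new URL(base).origin) {
    throw new Error(`path ${JSON.stringify(path)} resolves off-origin to ${target.origin}`);
  }
  return target.href;
}

// Constructed sample targets for a POST issued from APP_ORIGIN.
const SAMPLES = [
  '/api/transfer',                 // genuinely path-relative
  '//evil.example/api/transfer',   // protocol-relative
  '\\\\evil.example/api/transfer', // backslashes, parsed like "//"
  'https://evil.example/api',      // explicit scheme
  'HTTPS://evil.example/api',      // mixed-case scheme
];

// For each sample: what the naive and hardened checks decide for a POST, and
// whether the naive check would have leaked the token to a foreign origin.
function audit(samples = SAMPLES) {
  return samples.map((url) => {
    const naive = shouldAttachXsrfToken('POST', url, naiveIsSameOrigin);
    const hardened = shouldAttachXsrfToken('POST', url);
    return { url, naive, hardened, leaks: naive && !hardened };
  });
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(audit());
  try {
    resolveOnBase('https://api.internal', '//evil.example/x');
  } catch (e) {
    console.log(e.message);
  }
}
```

The backslash sample is the case a hand-written regex on `//` still misses: the WHATWG parser normalises `\` to `/` for http(s), so the only reliable way to decide "is this my origin" is to let that parser resolve the string and compare `origin`, never to inspect the first characters yourself.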