Lucene search
K

4 matches found

OSV
OSV
added 2026/06/22 6:16 p.m.6 views

DEBIAN-CVE-2026-50168

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints an...

8.2CVSS6.1AI score0.00193EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/15 4:39 p.m.9 views

Server-side Request Forgery (SSRF)

Overview @angular/platform-server is an Angular - library for using Angular in Node.js Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via a parser differential between the strict WHATWG URL parser used for allowlist validation and the lenient Domino URL parse...

8.8CVSS6AI score0.00193EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/15 4:39 p.m.31 views

@angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass

An issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints and direct server-side outgoing requests to arbitrary external endpoints. This occurs due to a parser differential between the strict WHATWG URL parser used for allowlist validation and t...

8.8CVSS5.7AI score0.00193EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.34 views

PT-2026-38594

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description A server-side request forgery SSRF issue exists in the notebook viewer. This occurs due to URL parser confusion between the validation layer and the HTTP request library, where the...

7.9CVSS5.8AI score0.00377EPSS
Exploits0References10
Rows per page
Query Builder