4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +72 more potentially affected by CVE-2026-33672 via picomatch (=3.0.1)

picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...

Server-side Request Forgery (SSRF)

Overview @schematics/angular is a Schematics specific to Angular Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-. An attacker can redirec...