Design/Logic Flaw

angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...

CVE-2023-28444 angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend

angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...

CVE-2023-28444 angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend

angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...

CVE-2023-28444 angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend

angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...

CVE-2023-28444

The CVE concerns angular-server-side-configuration. It detects environment variables in TypeScript files during Angular CLI build, writes them to ngssc.json, and can expose them in index.html. In monorepo deployments with a backend, this may leak variables; a mitigation in v15.1.0 adds a searchPa...

angular-server-side-configuration 信息泄露漏洞

angular-server-side-configuration is an application. A security vulnerability exists in angular-server-side-configuration versions 15.0.0 through 15.1.0, which stems from the presence of an information disclosure vulnerability...

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilties (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)

Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2022-43548. Angular is a JavaScript framework that extends HTML CVE-2020-7676. Logback is a logging library for Java CVE-2021-42550. Golang Go...

Security Bulletin: IBM Sterling Control Center is vulnerable to denial of service due to Node.js Angular (CVE-2022-25844)

Summary IBM Sterling Control Center uses Node.js Angular which is vulnerable to a denial of service, caused by a regular expression denial of service. Vulnerability Details CVEID:CVE-2022-25844 DESCRIPTION: Node.js Angular module is vulnerable to a denial of service, caused by a regular expressio...

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Angular is part of the .NET RHEL infrastructure CVE-2021-4231. Apache UIMA is used by IBM Robotic Process Automation as part of Watson NLP CVE-2022-32287. SnakeYaml is used by IBM Robotic Process...

Server Side Template Injection

Description alf-event is vulnerable to Server Side Template Injection via angular Proof of Concept VIDEO: With an authenticated user, access the admin panel. Create a organization and then Go to users and create new user having username 77 in that organization Now login with this username and you...

Malicious Package

Overview angular-portal-dependencies is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if th...

aviziacomponents (=1.0.1), avz-temp-components (>=1.0.1 <=1.0.6) +8 more potentially affected by CVE-2021-32854 via textangular (>=1.3.11 <=1.5.16)

textangular NPM version =1.3.11, =1.0.1, =1.1.0, =0.1.0, =1.0.1, =1.0.18, =0.0.2, =1.0.0, =1.1.2 Source cves: CVE-2021-32854 Source advisory: OSV:GHSA-7H4W-6P98-R3WX...

generator-hottowel 跨站脚本漏洞

generator-hottowel is a Yo generator by John Papa Personal Developer. Angular applications are created with HotTowel. A cross-site scripting vulnerability exists in generator-hottowel version 0.0.11, which stems from an issue with unknown functionality in the file app/templates/src/server/app.js ...

MAL-2023-95 Malicious code in angular-portal-dependencies (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d52cb1a168b0e9a95128e2cb22f54bf039750753cedc3fbb1012b1d968ad117 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in angular-portal-dependencies (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d52cb1a168b0e9a95128e2cb22f54bf039750753cedc3fbb1012b1d968ad117 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-8010 Malicious code in angular-1.8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3d45e146db01c8e2d986dd73f9991c083be30195ff986c99817c93e1be410b60 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

Malicious code in angular-mocks-1.8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 625a13c6d2cc904b846cc79015624cac75f57596e17606b783aaa1ccb6dcb164 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-94 Malicious code in angular-mocks-1.8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 625a13c6d2cc904b846cc79015624cac75f57596e17606b783aaa1ccb6dcb164 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.0 (python-XStatic-Angular) security update

An update for python-XStatic-Angular is now available for Red Hat OpenStack Platform 17.0 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

DC-Sonar - Analyzing AD Domains For Security Risks Related To User Accounts

DC Sonar Community Repositories The project consists of repositories: dc-sonar-frontend dc-sonar-user-layer dc-sonar-workers-layer ntlm-scrutinizer Disclaimer It's only for education purposes. Avoid using it on the production Active Directory AD domain. Neither contributor incur any responsibilit...