1344 matches found
Angular Cross-Site Scripting Vulnerability
Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions of Angular prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-site scripting vulnerability. This...
PT-2026-22110
Name of the Vulnerable Software and Affected Versions: Angular versions prior to 21.2.0, Angular versions prior to 21.1.16, Angular versions prior to 20.3.17, Angular versions prior to 19.2.19. Description: Angular’s internationalization (i18n) pipeline contains a cross-site scripting issue. HTML within...
@cosla/sensemaking-web-ui (>=1.0.5 <=1.0.8), @manniwatch/client-desktop (>=0.30.0 <=0.30.1) +3 more potentially affected by CVE-2026-27739 via @angular/ssr (>=19.0.5 <=19.2.19)
@angular/ssr NPM version =19.0.5, =1.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARSSR-15357314...
EUVD-2026-8695
Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline...
@eui/deps-base (>=19.0.0-next.1 <=19.3.14-snapshot-1775028727408), @eui/deps-base-light (>=19.0.0-next.1 <=19.3.14-snapshot-1775028727408) +2 more potentially affected by CVE-2026-27739 via @angular-devkit/build-angular (>=19.0.0-next.10 <=19.2.19)
@angular-devkit/build-angular NPM version =19.0.0-next.10, =19.0.0-next.1, =19.0.0-next.1, =19.0.0, =19.0.1 - ng-deploy-oss =19.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARDEVKITBUILDANGULAR-15357315...
create-momentum-app (>=0.1.2 <=0.5.0) potentially affected by CVE-2026-27739 via @angular/ssr (=21.1.2)
@angular/ssr NPM version =21.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - create-momentum-app =0.1.2, =0.5.0 Source cves: CVE-2026-27739 Source advisory: OSV:GHSA-X288-3778-4HHX...
@angular-devkit/build-angular (>=19.0.0 <=19.2.20), @eui/deps-base (>=19.0.0-next.1 <=19.3.14-snapshot-1775028727408) +3 more potentially affected by CVE-2026-27739 via @angular/build (>=19.0.0-next.0 <=19.2.20)
@angular/build NPM version =19.0.0-next.0, =19.0.0, =19.0.0-next.1, =19.0.0-next.1, =19.0.0, =19.0.1 - ng-deploy-oss =19.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARBUILD-15357312...
@arsloptima/password-strength (=0.0.1), @asafmalin/ngrid (>=5.0.0 <=5.0.1) +41 more potentially affected by CVE-2026-27739 via @nguniversal/express-engine (>=10.0.2 <=16.2.0)
@nguniversal/express-engine NPM version =10.0.2, =5.0.0, =1.0.1, =0.0.42, =7.0.0, =6.1.1, =4.0.0, =1.0.0, =0.1.1, =2.0.0, =3.0.0, =4.3.8 and more Source cves: CVE-2026-27739 Source advisory: OSV:GHSA-X288-3778-4HHX...
@adel-t/angular-ssr (>=1.0.0 <=1.0.2), @angularexpert/my-workspace (=0.0.0) +62 more potentially affected by CVE-2026-27739 via @angular/ssr (>=17.0.5 <=19.2.19)
@angular/ssr NPM version =17.0.5, =1.0.0, =3.1.1-0, =1.0.0, =0.0.1, =0.0.1, =19.3.0, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =0.1.0, =0.2.0 - @quest-poc/my-angular-app =0.0.0 and more Source cves: CVE-2026-27739 Source advisory: OSV:GHSA-X288-3778-4HHX...
Server-side Request Forgery (SSRF)
Overview: @angular/ssr provides the Angular server-side rendering utilities. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-*. An attacker can...
GHSA-X288-3778-4HHX Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL reconstruction logic directly trusts and consumes user-controlled HTTP headers, specifically the Host and X-Forwarded-* family t...
Server-side Request Forgery (SSRF)
Overview: @schematics/angular is a Schematics specific to Angular. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-*. An attacker can redirec...
Server-side Request Forgery (SSRF)
Overview: @angular/build is an official build system for Angular. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-*. An attacker can redirect...
@angular-devkit/build-angular (>=21.0.0 <=21.1.4), @eui/deps-base (>=21.0.0-alpha.10 <=23.0.0-alpha.1) +3 more potentially affected by CVE-2026-27739 via @angular/build (>=21.0.0-next.0 <=21.1.4)
@angular/build NPM version =21.0.0-next.0, =21.0.0, =21.0.0-alpha.10, =21.0.0-alpha.10, =21.0.0, =21.2.0-next.1 - ng-deploy-oss =21.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARBUILD-15357312...
Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL reconstruction logic directly trusts and consumes user-controlled HTTP headers, specifically the Host and X-Forwarded-* family t...
create-momentum-app (>=0.1.2 <=0.5.0) potentially affected by CVE-2026-27739 via @angular/ssr (=21.1.2)
@angular/ssr NPM version =21.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - create-momentum-app =0.1.2, =0.5.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARSSR-15357314...
@aiao/nest-angular-universal (>=0.1.1-alpha.1 <=0.2.6), @arsloptima/password-strength (=0.0.1) +56 more potentially affected by CVE-2026-27739 via @nguniversal/common (>=0.0.0-PLACEHOLDER <=16.2.0)
@nguniversal/common NPM version =0.0.0-PLACEHOLDER, =0.1.1-alpha.1, =5.0.0, =1.0.1, =0.7.0, =0.3.0, =0.0.6, =11.0.1, =11.0.1, =5.0.0, =7.0.0, =6.1.1, =7.0.3 and more Source cves: CVE-2026-27739 Source advisory: OSV:GHSA-X288-3778-4HHX...
@eui/deps-base (>=21.0.0-alpha.10 <=23.0.0-alpha.1), @eui/deps-base-light (>=21.0.0-alpha.10 <=23.0.0-alpha.1) +1 more potentially affected by CVE-2026-27739 via @angular-devkit/build-angular (>=21.0.0-next.1 <=21.1.0)
@angular-devkit/build-angular NPM version =21.0.0-next.1, =21.0.0-alpha.10, =21.0.0-alpha.10, =23.0.0-alpha.1 - ng-deploy-oss =21.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARDEVKITBUILDANGULAR-15357315...
@eui/deps-base-light-next (>=19.2.2 <=21.0.0-alpha.32), @eui/deps-base-next (>=19.2.2 <=21.0.0-alpha.32) +1 more potentially affected by CVE-2026-27739 via @angular-devkit/build-angular (>=20.0.0-rc.0 <=20.1.0)
@angular-devkit/build-angular NPM version =20.0.0-rc.0, =19.2.2, =19.2.2, =21.0.0-alpha.32 - ng-deploy-oss =20.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARDEVKITBUILDANGULAR-15357315...
@angular-devkit/build-angular (>=21.2.0-next.0 <=21.2.0-next.2) potentially affected by CVE-2026-27739 via @angular/build (>=21.2.0-next.0 <=21.2.0-next.2)
@angular/build NPM version =21.2.0-next.0, =21.2.0-next.0, =21.2.0-next.2 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARBUILD-15357312...