Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/06/15 5:24 p.m.96 views

@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...

8.8CVSS5.3AI score0.0009EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/15 5:24 p.m.6 views

GHSA-39PV-4J6C-2G6V @angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...

8.8CVSS5.3AI score0.0009EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 3:16 p.m.10 views

Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

To optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via provideClientHydration. During SSR, Angular serializes the application's runtime state such as cached HttpClient responses and outputs it into the HTML stream as a tag with a predictable...

8.6CVSS5.4AI score0.00179EPSS
Exploits0References4Affected Software1
GithubExploit
GithubExploit
added 2026/03/10 8:20 p.m.172 views

Exploit for OS Command Injection in Signalk Signal_K_Server

CVE-2025-66398 — Signal K Server RCE PoC...

9.6CVSS6.4AI score0.17934EPSS
Exploits3
OSV
OSV
added 2025/06/18 10:15 a.m.1 views

UBUNTU-CVE-2025-38060

In the Linux kernel, the following vulnerability has been resolved: bpf: copyverifierstate should copy 'loopentry' field The bpfverifierstate.loopentry state should be copied by copyverifierstate. Otherwise, .loopentry values from unrelated states would poison env-curstate. Additionally, env-stac...

5.5CVSS6AI score0.00143EPSS
Exploits0References29
Rows per page
Query Builder