angular-server-side-configuration is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the leaking of environment variables: the library detects the environment variables used in TypeScript files and writes them to an ngssc.json file in the output directory, which is then inserted into the app's index.html, resulting in the disclosure of sensitive information. angular-server-side-configuration is only vulnerable in a monorepo configuration with an Angular backend.
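A build-time check for the leak described above, added here as an example (not code from the advisory or the library): it compares the variable names recorded in ngssc.json against an allowlist of variables the frontend is meant to receive. The `environmentVariables` key and the other fields in the sample are assumptions about the file layout, and all sample values are constructed.

```javascript
// Added example: audit a build's ngssc.json for variables the frontend should not receive.
// Assumption: ngssc.json carries an "environmentVariables" array of variable names.

// Name fragments that usually indicate a backend secret (heuristic, not exhaustive).
const SENSITIVE_NAME = /(SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE|CREDENTIAL|API_?KEY|DATABASE_URL)/i;

// Returns { ok, error, findings }; findings lists every detected variable
// that is not on the frontend allowlist, with the reason it was flagged.
function auditNgssc(jsonText, allowlist) {
  let parsed;
  try {
    parsed = JSON.parse(jsonText);
  } catch (err) {
    return { ok: false, error: `ngssc.json is not valid JSON: ${err.message}`, findings: [] };
  }
  const names = parsed && parsed.environmentVariables;
  if (!Array.isArray(names) || !names.every((n) => typeof n === 'string')) {
    // Fail closed: an unreadable file must not pass the check.
    return { ok: false, error: 'environmentVariables is missing or not a string array', findings: [] };
  }
  const allowed = new Set(allowlist);
  const findings = [];
  for (const name of [...new Set(names)].sort()) {
    if (allowed.has(name)) continue;
    findings.push({
      name,
      reason: SENSITIVE_NAME.test(name) ? 'sensitive-looking name' : 'not on allowlist',
    });
  }
  return { ok: findings.length === 0, error: null, findings };
}

// Constructed sample: a monorepo build where backend variables were detected
// alongside the frontend ones. Field names other than the list are assumed.
const SAMPLE_NGSSC = JSON.stringify({
  variant: 'process',
  environmentVariables: ['API_BASE_URL', 'DB_PASSWORD', 'JWT_SIGNING_SECRET', 'FEATURE_FLAGS', 'PORT'],
  filePattern: 'index.html',
});
const FRONTEND_ALLOWLIST = ['API_BASE_URL', 'FEATURE_FLAGS'];

const report = auditNgssc(SAMPLE_NGSSC, FRONTEND_ALLOWLIST);
for (const f of report.findings) console.log(`${f.name}: ${f.reason}`);
```

In CI, pass the contents of the ngssc.json from the build output directory to `auditNgssc` and fail the build when `ok` is false.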
| CPE | Name | Operator | Version |
|---|---|---|---|
| | angular-server-side-configuration | le | 15.0.2 |
github.com/advisories/GHSA-gwvm-vrp4-4pp5
github.com/kyubisation/angular-server-side-configuration/commit/d701f51260637a84ede278e248934e0437a7ff86
github.com/kyubisation/angular-server-side-configuration/pull/75
github.com/kyubisation/angular-server-side-configuration/releases/tag/v15.1.0
github.com/kyubisation/angular-server-side-configuration/security/advisories/GHSA-gwvm-vrp4-4pp5