CNNVD-202509-1477 Information
CNNVD ID
CNNVD-202509-1477
Related CVE
- CNNVD Published: 2025-09-10
Description (Chinese)
Angular是Angular开源的一个开发平台。用于使用 Typescript / JavaScript 和其他语言构建移动和桌面 Web 应用程序。 Angular存在竞争条件问题漏洞,该漏洞源于DI容器在多请求并发处理时可能共享或覆盖全局状态,可能导致数据泄露。
Description (English)
Angular is a development platform for the Angular open source. To build mobile and desktop Web applications using Typescript / JavaScript English and French. Angular has a loophole in the terms of competition, which stems from the fact that DI containers may share or cover the global state when they are requested and processed, and may lead to data leakage.
Hazard Level
High
Vulnerability Type
竞争条件问题
Affected Vendor
Angular
Published
2025-09-10
Last Modified
2026-02-24
References
https://github.com/angular/angular-cli/pull/31108 https://github.com/angular/angular/pull/63562 https://github.com/angular/angular/security/advisories/GHSA-68x2-mx4q-78m7 https://access.redhat.com/security/cve/cve-2025-59052
Patch
https://github.com/angular/angular/releases
Share on: