CNNVD-202510-2289 Information
CNNVD ID
CNNVD-202510-2289
Related CVE
- CNNVD Published: 2025-10-16
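Description (Chinese, translated)
Angular CLI is a command-line interface for Angular, open-sourced by Angular. Angular CLI versions before 19.2.18, before 20.3.6, and before 21.0.0-next.8 contain a code issue vulnerability. The vulnerability stems from a server-side request forgery issue in the URL resolution mechanism of the Angular server-side rendering package, which may cause the server to communicate with arbitrary external endpoints.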
Description (English)
Angular CLI is the open-source command-line interface for Angular. Versions of Angular CLI before 19.2.18, before 20.3.6 and before 21.0.0-next.8 have a code issue vulnerability. It arises from a server-side request forgery (SSRF) problem in the URL resolution mechanism of the Angular server-side rendering package and could lead to the server communicating with arbitrary external endpoints.
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
Angular
Published
2025-10-16
Last Modified
2026-02-24
References
https://github.com/angular/angular-cli/commit/5271547c80662de10cb3bcb648779a83f6efedfb
https://github.com/angular/angular-cli/security/advisories/GHSA-q63q-pgmf-mxhr
https://access.redhat.com/security/cve/cve-2025-62427
Patch
https://github.com/angular/angular-cli/releases