CNNVD-202511-2821 Information

CNNVD ID

CNNVD-202511-2821

CVE-2025-66035

  • CNNVD Published: 2025-11-26

Description (Chinese)

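Angular is a development platform open-sourced by Angular, used to build mobile and desktop web applications with TypeScript / JavaScript and other languages. Angular versions before 19.2.16, before 20.3.14 and before 21.0.1 contain a security vulnerability that stems from leaking the XSRF token through protocol-relative URLs, which may lead to disclosure of the cross-site request forgery token.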

Description (English)

Angular is an open-source development platform from Angular for building mobile and desktop web applications using TypeScript / JavaScript and other languages. Angular versions before 19.2.16, before 20.3.14 and before 21.0.1 contain a security vulnerability: the XSRF token is leaked through protocol-relative URLs, which could lead to disclosure of the cross-site request forgery token.

Hazard Level

High

Vulnerability Type

Other

Published

2025-11-26

Last Modified

2026-02-24

References

  • https://github.com/angular/angular/releases/tag/21.0.1
  • https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
  • https://github.com/angular/angular/releases/tag/20.3.14
  • https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
  • https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
  • https://github.com/angular/angular/releases/tag/19.2.16
  • https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
  • https://vigilance.fr/vulnerability/Angular-information-disclosure-via-HTTP-Client-Protocol-Relative-URLs-XSRF-Token-48868

Patch

https://github.com/angular/angular/releases
