angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
- Severity:
- High
Description
angular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory. During deployment of an Angular based app, the environment variables based on the variables from ngssc.
Recommendation
Update the angular-server-side-configuration package to the latest compatible version. Followings are version details:
- Affected version(s): >= 15.0.0, < 15.1.0
- Patched version(s): 15.1.0
References
Related Issues
- google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability - CVE-2023-48711
- FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations - CVE-2026-47717
- Server-Side Request Forgery in Request - CVE-2023-28155
- Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin - CVE-2023-22621
You might also like:
- Tags:
- npm
- angular-server-side-configuration
Anything's wrong? Let us know Last updated on March 24, 2023


