Path Traversal in angular-http-server (GHSA-vmhw-fhj6-m3g5)

Description

Versions of angular-http-server before 1.4.4 are vulnerable to path traversal.

Recommendation

Update the angular-http-server package to the latest compatible version. Followings are version details:

• Affected version(s): < 1.4.4
• Patched version(s): 1.4.4

References

• GHSA-vmhw-fhj6-m3g5
• hackerone.com
• www.npmjs.com
• CWE-22
• OWASP 2021-A1

Related Issues

• Vite's `server.fs` settings were not applied to HTML files - CVE-2025-58752
• Trix editor subject to XSS vulnerabilities on copy & paste - CVE-2024-53847
• Knwl.js Regular Expression Denial of Service vulnerability - CVE-2020-26306
• VvvebJs Reflected Cross-Site Scripting (XSS) vulnerability - CVE-2024-29271

Tags:

npm

angular-http-server