Path Traversal in angular-http-server (GHSA-vmhw-fhj6-m3g5)

Description

Versions of angular-http-server before 1.4.4 are vulnerable to path traversal.

Recommendation

Update the angular-http-server package to the latest compatible version. Followings are version details:

• Affected version(s): < 1.4.4
• Patched version(s): 1.4.4

References

• GHSA-vmhw-fhj6-m3g5
• hackerone.com
• www.npmjs.com
• CWE-22
• OWASP 2021-A1

Related Issues

• vite allows server.fs.deny bypass via backslash on Windows - CVE-2025-62522
• Vite's `server.fs` settings were not applied to HTML files - CVE-2025-58752
• OpenPGP.js's message signature verification can be spoofed - CVE-2025-47934
• Trix editor subject to XSS vulnerabilities on copy & paste - CVE-2024-53847

Tags:

npm

angular-http-server