Vulnerability	Vulnerable Version
M Open Redirect @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Open Redirect via improper handling of the `X-Forwarded-Prefix` header. An attacker can manipulate internal redirects or server-side requests by injecting encoded path traversal sequences, which are decoded and used by the application logic. This can result in unintended redirects or requests to internal or external endpoints. Note: This is only exploitable if the application is configured to trust proxy headers and is deployed behind a proxy that forwards the `X-Forwarded-Prefix` header without prior sanitization. How to fix Open Redirect? Upgrade `@angular/ssr` to version 19.2.25, 20.3.25, 21.2.9, 22.0.0-next.7 or higher.	>=19.0.0-next.0 <19.2.25>=20.0.0-next.0 <20.3.25>=21.0.0-next.0 <21.2.9>=22.0.0-next.0 <22.0.0-next.7

Open Redirect

@angular/ssr is a the Angular server side rendering utilities.

Affected versions of this package are vulnerable to Open Redirect via improper handling of the X-Forwarded-Prefix header. An attacker can manipulate internal redirects or server-side requests by injecting encoded path traversal sequences, which are decoded and used by the application logic. This can result in unintended redirects or requests to internal or external endpoints.

Note: This is only exploitable if the application is configured to trust proxy headers and is deployed behind a proxy that forwards the X-Forwarded-Prefix header without prior sanitization.

How to fix Open Redirect?

Upgrade @angular/ssr to version 19.2.25, 20.3.25, 21.2.9, 22.0.0-next.7 or higher.

>=19.0.0-next.0 <19.2.25>=20.0.0-next.0 <20.3.25>=21.0.0-next.0 <21.2.9>=22.0.0-next.0 <22.0.0-next.7

Go back to all versions of this package