angular-server-side-configuration@15.0.1 vulnerabilities

Configure an angular application on the server

latest version

18.2.0
latest non vulnerable version

18.2.0
first published

6 years ago
latest version published

2 months ago
licenses detected
- Apache-2.0
  >=0
View angular-server-side-configuration package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the angular-server-side-configuration package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Information Exposure angular-server-side-configuration is a Configure an angular application on the server Affected versions of this package are vulnerable to Information Exposure. `angular-server-side-configuration` detects used environment variables in TypeScript (`.ts`) files during build time of an Angular CLI project. The detected environment variables are written to an `ngssc.json` file in the output directory. During deployment of an Angular based app, the environment variables based on the variables from `ngssc.json` are inserted into the app's `index.html` (or defined index file). In version 15.0.0 the environment variable detection was widened to the entire project, relative to the `angular.json` file from the Angular CLI. In a monorepo setup, this could lead to environment variables intended for a backend/service to be detected and written to the `ngssc.json`, which would then be populated and exposed via `index.html`. Note This has no impact in a plain Angular project that has no backend component. How to fix Information Exposure? Upgrade `angular-server-side-configuration` to version 15.1.0 or higher.	>=15.0.0 <15.1.0

Information Exposure

angular-server-side-configuration is a Configure an angular application on the server

Affected versions of this package are vulnerable to Information Exposure. angular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular CLI project. The detected environment variables are written to an ngssc.json file in the output directory. During deployment of an Angular based app, the environment variables based on the variables from ngssc.json are inserted into the app's index.html (or defined index file).

In version 15.0.0 the environment variable detection was widened to the entire project, relative to the angular.json file from the Angular CLI. In a monorepo setup, this could lead to environment variables intended for a backend/service to be detected and written to the ngssc.json, which would then be populated and exposed via index.html.

Note This has no impact in a plain Angular project that has no backend component.

How to fix Information Exposure?

Upgrade angular-server-side-configuration to version 15.1.0 or higher.

>=15.0.0 <15.1.0

Go back to all versions of this package

angular-server-side-configuration@15.0.1 vulnerabilities

Configure an angular application on the server

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities