CVE-2025-59052 (CNNVD-202509-1477)
中文标题:
Angular 竞争条件问题漏洞
英文标题:
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage
漏洞描述
中文描述:
Angular是Angular开源的一个开发平台。用于使用 Typescript / JavaScript 和其他语言构建移动和桌面 Web 应用程序。 Angular存在竞争条件问题漏洞,该漏洞源于DI容器在多请求并发处理时可能共享或覆盖全局状态,可能导致数据泄露。
英文描述:
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For historical reasons, the container was stored as a JavaScript module-scoped global variable. When multiple requests are processed concurrently, they could inadvertently share or overwrite the global injector state. In practical terms, this can lead to one request responding with data meant for a completely different request, leaking data or tokens included on the rendered page or in response headers. As long as an attacker had network access to send any traffic that received a rendered response, they may have been able to send a large number of requests and then inspect the responses for information leaks. The APIs `bootstrapApplication`, `getPlatform`, and `destroyPlatform` were vulnerable and required SSR-only breaking changes. The issue has been patched in all active release lines as well as in the v21 prerelease. Patched packages include `@angular/platform-server` 21.0.0-next.3, 20.3.0, 19.2.15, and 18.2.14 and `@angular/ssr` 21.0.0-next.3, 20.3.0, 19.2.16, and 18.2.21. Several workarounds are available. Disable SSR via Server Routes or builder options, remove any asynchronous behavior from custom `bootstrap` functions, remove uses of `getPlatform()` in application code, and/or ensure that the server build defines `ngJitMode` as false.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| angular | angular | @angular/platform-server >= 16.0.0-next.0, < 18.2.14 | - | - |
cpe:2.3:a:angular:angular:@angular_platform-server_>=_16.0.0-next.0,_<_18.2.14:*:*:*:*:*:*:*
|
| angular | angular | @angular/platform-server >= 20.0.0-next.0, < 20.3.0 | - | - |
cpe:2.3:a:angular:angular:@angular_platform-server_>=_20.0.0-next.0,_<_20.3.0:*:*:*:*:*:*:*
|
| angular | angular | @angular/platform-server >= 19.0.0-next.0, < 19.2.15 | - | - |
cpe:2.3:a:angular:angular:@angular_platform-server_>=_19.0.0-next.0,_<_19.2.15:*:*:*:*:*:*:*
|
| angular | angular | @angular/platform-server >= 21.0.0-next.0, < 21.0.0-next.3 | - | - |
cpe:2.3:a:angular:angular:@angular_platform-server_>=_21.0.0-next.0,_<_21.0.0-next.3:*:*:*:*:*:*:*
|
| angular | angular | @angular/ssr >= 17.0.0-next.0, < 18.2.21 | - | - |
cpe:2.3:a:angular:angular:@angular_ssr_>=_17.0.0-next.0,_<_18.2.21:*:*:*:*:*:*:*
|
| angular | angular | @angular/ssr >= 19.0.0-next.0, < 19.2.16 | - | - |
cpe:2.3:a:angular:angular:@angular_ssr_>=_19.0.0-next.0,_<_19.2.16:*:*:*:*:*:*:*
|
| angular | angular | @angular/ssr >= 20.0.0-next.0, < 20.3.0 | - | - |
cpe:2.3:a:angular:angular:@angular_ssr_>=_20.0.0-next.0,_<_20.3.0:*:*:*:*:*:*:*
|
| angular | angular | @angular/ssr >= 21.0.0-next.0, < 21.0.0-next.3 | - | - |
cpe:2.3:a:angular:angular:@angular_ssr_>=_21.0.0-next.0,_<_21.0.0-next.3:*:*:*:*:*:*:*
|
| angular | angular | @nguniversal/common >= 16.0.0-next.0, <= 16.2.0 | - | - |
cpe:2.3:a:angular:angular:@nguniversal_common_>=_16.0.0-next.0,_<=_16.2.0:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
4.0 (cna)
HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-59052 |
2025-11-11 15:23:31 | 2025-11-11 07:40:46 |
| NVD | nvd_CVE-2025-59052 |
2025-11-11 15:01:02 | 2025-11-11 07:48:33 |
| CNNVD | cnnvd_CNNVD-202509-1477 |
2025-11-11 15:12:56 | 2025-11-11 08:00:10 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 竞争条件问题
- cnnvd_id: 未提取 -> CNNVD-202509-1477
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']