CVE-2025-62427 (CNNVD-202510-2289)

HIGH
中文标题:
Angular CLI. 代码问题漏洞
英文标题:
Server-Side Request Forgery (SSRF) in Angular SSR
CVSS分数: 8.7
发布时间: 2025-10-16 18:50:11
漏洞类型: 代码问题
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

Angular CLI.是Angular开源的一个Angular的命令行界面。 Angular CLI. 19.2.18之前版本、20.3.6之前版本和21.0.0-next.8之前版本存在代码问题漏洞,该漏洞源于Angular服务器端渲染包中的URL解析机制存在服务器端请求伪造问题,可能导致服务器与任意外部端点通信。

英文描述:

The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution mechanism of Angular's Server-Side Rendering package (@angular/ssr) before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestUrl uses the native URL constructor. When an incoming request path (e.g., originalUrl or url) begins with a double forward slash (//) or backslash (\\), the URL constructor treats it as a schema-relative URL. This behavior overrides the security-intended base URL (protocol, host, and port) supplied as the second argument, instead resolving the URL against the scheme of the base URL but adopting the attacker-controlled hostname. This allows an attacker to specify an external domain in the URL path, tricking the Angular SSR environment into setting the page's virtual location (accessible via DOCUMENT or PlatformLocation tokens) to this attacker-controlled domain. Any subsequent relative HTTP requests made during the SSR process (e.g., using HttpClient.get('assets/data.json')) will be incorrectly resolved against the attacker's domain, forcing the server to communicate with an arbitrary external endpoint. This vulnerability is fixed in 19.2.18, 20.3.6, and 21.0.0-next.8.

CWE类型:
CWE-918
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
angular angular-cli >=19.0.0-next.0, < 19.2.18 - - cpe:2.3:a:angular:angular-cli:>=19.0.0-next.0,_<_19.2.18:*:*:*:*:*:*:*
angular angular-cli >=20.0.0-next.0, < 20.3.6 - - cpe:2.3:a:angular:angular-cli:>=20.0.0-next.0,_<_20.3.6:*:*:*:*:*:*:*
angular angular-cli >=21.0.0-next.0, < 21.0.0-next.8 - - cpe:2.3:a:angular:angular-cli:>=21.0.0-next.0,_<_21.0.0-next.8:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
https://github.com/angular/angular-cli/security/advisories/GHSA-q63q-pgmf-mxhr x_refsource_CONFIRM
cve.org
访问
https://github.com/angular/angular-cli/commit/5271547c80662de10cb3bcb648779a83f6efedfb x_refsource_MISC
cve.org
访问
CVSS评分详情
4.0 (cna)
HIGH
8.7
CVSS向量: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
机密性
HIGH
完整性
NONE
可用性
NONE
后续系统影响 (Subsequent):
机密性
NONE
完整性
NONE
可用性
NONE
时间信息
发布时间:
2025-10-16 18:50:11
修改时间:
2025-10-17 13:24:15
创建时间:
2025-11-11 15:40:49
更新时间:
2025-11-11 16:00:17
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2025-62427 2025-11-11 15:23:33 2025-11-11 07:40:49
NVD nvd_CVE-2025-62427 2025-11-11 15:01:06 2025-11-11 07:48:35
CNNVD cnnvd_CNNVD-202510-2289 2025-11-11 15:12:30 2025-11-11 08:00:17
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 16:00:17
vulnerability_type: 未提取 → 代码问题; cnnvd_id: 未提取 → CNNVD-202510-2289; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 代码问题
  • cnnvd_id: 未提取 -> CNNVD-202510-2289
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:48:35
data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • data_sources: ['cve'] -> ['cve', 'nvd']