SCA: security update for @angular/ssr (GHSA-q63q-pgmf-mxhr)

high Tenable Cloud Security Plugin ID 435649

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-
Side Request Forgery (SSRF) flaw within the URL resolution mechanism of Angular's Server-Side Rendering
package (@angular/ssr) before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestUrl uses the
native URL constructor. When an incoming request path (e.g., originalUrl or url) begins with a double
forward slash (//) or backslash (\\), the URL constructor treats it as a schema-relative URL. This
behavior overrides the security-intended base URL (protocol, host, and port) supplied as the second
argument, instead resolving the URL against the scheme of the base URL but adopting the attacker-
controlled hostname. This allows an attacker to specify an external domain in the URL path, tricking the
Angular SSR environment into setting the page's virtual location (accessible via DOCUMENT or
PlatformLocation tokens) to this attacker-controlled domain. Any subsequent relative HTTP requests made
during the SSR process (e.g., using HttpClient.get('assets/data.json')) will be incorrectly resolved
against the attacker's domain, forcing the server to communicate with an arbitrary external endpoint. This
vulnerability is fixed in 19.2.18, 20.3.6, and 21.0.0-next.8. (CVE-2025-62427)

See Also

https://github.com/advisories/GHSA-q63q-pgmf-mxhr

Plugin Details

Severity: High

ID: 435649

Version: Revision 1.7

Type: Local

Family: SCA Checks

Published: 10/17/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.3

Percentile: 53.2

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2025-62427

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 6.6

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 10/16/2025

Vulnerability Publication Date: 10/16/2025

Reference Information

CVE: CVE-2025-62427

cwe: CWE-918