VulnerableCode Package Details - pkg:npm/%40angular/common@20.3.14

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-x8wa-kpm3-abh9	Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (`http://` or `https://`) to determine if it is cross-origin. If the URL starts with protocol-relative URL (`//`), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the `X-XSRF-TOKEN` header.	CVE-2025-66035 GHSA-58c5-g7wp-6w37

Vulnerability

Summary

Aliases

VCID-x8wa-kpm3-abh9

Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client The vulnerability is a **Credential Leak by App Logic** that leads to the **unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token** to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (`http://` or `https://`) to determine if it is cross-origin. If the URL starts with protocol-relative URL (`//`), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the `X-XSRF-TOKEN` header.

CVE-2025-66035
GHSA-58c5-g7wp-6w37

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T00:00:16.470333+00:00	GitLab Importer	Fixing	VCID-x8wa-kpm3-abh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@angular/common/CVE-2025-66035.yml	38.4.0
2026-04-12T01:23:02.589626+00:00	GitLab Importer	Fixing	VCID-x8wa-kpm3-abh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@angular/common/CVE-2025-66035.yml	38.3.0
2026-04-03T01:31:44.102927+00:00	GitLab Importer	Fixing	VCID-x8wa-kpm3-abh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@angular/common/CVE-2025-66035.yml	38.1.0
2026-04-01T16:07:11.943992+00:00	GHSA Importer	Fixing	VCID-x8wa-kpm3-abh9	https://github.com/advisories/GHSA-58c5-g7wp-6w37	38.0.0
2026-04-01T12:56:28.072639+00:00	GithubOSV Importer	Fixing	VCID-x8wa-kpm3-abh9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-58c5-g7wp-6w37/GHSA-58c5-g7wp-6w37.json	38.0.0
2026-04-01T12:53:25.216973+00:00	GitLab Importer	Fixing	VCID-x8wa-kpm3-abh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@angular/common/CVE-2025-66035.yml	38.0.0