{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212972?format=json","vulnerability_id":"VCID-zxsg-rmwv-z7fg","summary":"@angular/platform-server: SSRF via Hostname Hijacking","aliases":[{"alias":"CVE-2026-46417"},{"alias":"GHSA-rfh7-fxqc-q52v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41328?format=json","purl":"pkg:npm/%40angular/platform-server@19.2.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/platform-server@19.2.22"},{"url":"http://public2.vulnerablecode.io/api/packages/41326?format=json","purl":"pkg:npm/%40angular/platform-server@20.3.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/platform-server@20.3.21"},{"url":"http://public2.vulnerablecode.io/api/packages/41322?format=json","purl":"pkg:npm/%40angular/platform-server@21.2.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/platform-server@21.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/41324?format=json","purl":"pkg:npm/%40angular/platform-server@22.0.0-next.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/platform-server@22.0.0-next.12"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41329?format=json","purl":"pkg:npm/%40angular/platform-server@18.2.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k83s-kt8k-3uar"},{"vulnerability":"VCID-zxsg-rmwv-z7fg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/platform-server@18.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/41327?format=json","purl":"pkg:npm/%40angular/platform-server@19.0.0-next.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4cvr-kruz-sfbu"},{"vulnerability":"VCID-k83s-kt8k-3uar"},{"vulnerability":"VCID-zxsg-rmwv-z7fg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/platform-server@19.0.0-next.0"},{"url":"http://public2.vulnerablecode.io/api/packages/41325?format=json","purl":"pkg:npm/%40angular/platform-server@20.0.0-next.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4cvr-kruz-sfbu"},{"vulnerability":"VCID-k83s-kt8k-3uar"},{"vulnerability":"VCID-zxsg-rmwv-z7fg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/platform-server@20.0.0-next.0"},{"url":"http://public2.vulnerablecode.io/api/packages/41321?format=json","purl":"pkg:npm/%40angular/platform-server@21.0.0-next.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4cvr-kruz-sfbu"},{"vulnerability":"VCID-k83s-kt8k-3uar"},{"vulnerability":"VCID-zxsg-rmwv-z7fg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/platform-server@21.0.0-next.0"},{"url":"http://public2.vulnerablecode.io/api/packages/41323?format=json","purl":"pkg:npm/%40angular/platform-server@22.0.0-next.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k83s-kt8k-3uar"},{"vulnerability":"VCID-zxsg-rmwv-z7fg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/platform-server@22.0.0-next.0"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46417","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16385","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16416","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16404","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46417"},{"reference_url":"https://github.com/angular/angular","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular"},{"reference_url":"https://github.com/angular/angular/pull/68570","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular/pull/68570"},{"reference_url":"https://github.com/advisories/GHSA-rfh7-fxqc-q52v","reference_id":"GHSA-rfh7-fxqc-q52v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rfh7-fxqc-q52v"},{"reference_url":"https://github.com/angular/angular/security/advisories/GHSA-rfh7-fxqc-q52v","reference_id":"GHSA-rfh7-fxqc-q52v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular/security/advisories/GHSA-rfh7-fxqc-q52v"}],"weaknesses":[{"cwe_id":918,"name":"Server-Side Request Forgery (SSRF)","description":"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxsg-rmwv-z7fg"}