While not directly involved and used, the Angular sample inside srcANGULAR/ directory contains a security vulnerability CVE-2024-29180 from one if Angular's depedency with high severity (7.4/10). The problem is mainly because the middleware is able to perform path traversal and eventually obtain sensitive files like /etc/passwd using simple command like:
$ curl localhost:8080/public/..%2f..%2f..%2f..%2f../etc/passwd
Hence, we need to amend it and roll out a hot release.
This patch applies CVE-2024-29180 fixes in srcANGULAR/ directory.
While not directly involved and used, the Angular sample inside srcANGULAR/ directory contains a security vulnerability CVE-2024-29180 from one if Angular's depedency with high severity (7.4/10). The problem is mainly because the middleware is able to perform path traversal and eventually obtain sensitive files like /etc/passwd using simple command like: $ curl localhost:8080/public/..%2f..%2f..%2f..%2f../etc/passwd
Hence, we need to amend it and roll out a hot release.
This patch applies CVE-2024-29180 fixes in srcANGULAR/ directory.