Commit 2566c59

hollowaykeanho, JeanShuralyov and corygalyna committed
srcANGULAR: applied fix for CVE-2024-29180 security vulnerability

While not directly involved and used, the Angular sample inside srcANGULAR/ directory contains a security vulnerability CVE-2024-29180 from one of Angular's dependencies with high severity (7.4/10). The problem is mainly because the middleware is able to perform path traversal and eventually obtain sensitive files like /etc/passwd using a simple command like:

    $ curl localhost:8080/public/..%2f..%2f..%2f..%2f../etc/passwd

Hence, we need to amend it and roll out a hot release.

This patch applies CVE-2024-29180 fixes in srcANGULAR/ directory.

Co-authored-by: Shuralyov, Jean <jean.shuralyov@proton.me>
Co-authored-by: Galyna, Cory <cory.galyna@gmail.com>
Co-authored-by: (Holloway) Chew, Kean Ho <hollowaykeanho@gmail.com>
Signed-off-by: (Holloway) Chew, Kean Ho <hollowaykeanho@gmail.com>
1 parent d4ff728 commit 2566c59
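
Why the encoded request quoted in the commit message leaves the served directory, next to a containment check that rejects it. This is an added example, not code from this commit or from the affected middleware; the `/public/` prefix comes from the curl line above, while the root path and function names are assumptions.

```javascript
// Added illustration only. PUBLIC_PREFIX mirrors the curl line in the commit
// message; naiveResolve/safeResolve and the root path are hypothetical.
const PUBLIC_PREFIX = '/public/';

// "Before": strip the prefix, decode, concatenate. "%2f" is not a path
// separator while the URL is routed, so the dot segments are only created
// here, after decoding, and nothing checks where the result points.
function naiveResolve(root, urlPath) {
  const rel = decodeURIComponent(urlPath.slice(PUBLIC_PREFIX.length));
  return root + '/' + rel;
}

// "After": decode once, then validate every segment before building a path.
// Returns null for anything that must not be served.
function safeResolve(root, urlPath) {
  if (!urlPath.startsWith(PUBLIC_PREFIX)) return null;
  let rel;
  try {
    rel = decodeURIComponent(urlPath.slice(PUBLIC_PREFIX.length));
  } catch {
    return null; // malformed percent-encoding
  }
  if (rel.includes('\0')) return null; // NUL byte never belongs in a file name
  const segments = [];
  // Split on both separators so "%5c" (backslash) cannot stand in for "/".
  for (const seg of rel.split(/[\\\/]+/)) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') return null; // reject instead of normalising
    segments.push(seg);
  }
  return segments.length ? root + '/' + segments.join('/') : null;
}
```

A production file server would additionally resolve symlinks under the root before opening the file; that step is outside this sketch.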

2 files changed: +8 -8 lines changed

CONFIG.toml

Lines changed: 1 addition & 1 deletion
@@ -171,7 +171,7 @@ AUTOMATACI_LANG = ""
171171
#
172172
# To enable it: simply supply the path (e.g. default is 'srcANGULAR').
173173
# To disable it: simply supply an empty path (e.g. default is '').
174-
PROJECT_ANGULAR = ''
174+
PROJECT_ANGULAR = 'srcANGULAR'
175175

176176

177177
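
Review bot: the change at line 174 flips PROJECT_ANGULAR from '' to 'srcANGULAR', which according to the comment two lines above it enables the Angular project, yet the commit message describes only a dependency fix inside srcANGULAR/ and calls the sample "not directly involved and used". If turning the project on is required for the hot release, state that in the commit message; otherwise keep PROJECT_ANGULAR = '' in this commit and move the toggle to its own commit, so the security fix can be reviewed and reverted independently. The two comment lines at 172 and 173 also each name a different value as the "default", which is worth resolving while this setting is being touched.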

srcANGULAR/package-lock.json

Lines changed: 7 additions & 7 deletions
Some generated files are not rendered by default.
