Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-4rvg-955w-h68q

GitHub Security Advisory

Path Traversal in angular-http-server

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Affected versions of `angular-http-server` are vulnerable to path traversal allowing a remote attacker to read files from the server that uses `angular-http-server`.

## Recommendation

Update to version 1.6.0 or later.

:exclamation: Note: This was originally thought to be fixed in version 1.4.3, though according to [this issue](https://github.com/ossf-cve-benchmark/ossf-cve-benchmark/issues/117#issuecomment-803872454) the vulnerability was not completely fixed until version 1.6.0.

Affected Packages

npm angular-http-server
Affected versions: 0 (fixed in 1.6.0)

Related CVEs

CVE-2018-3713

Key Information

GHSA ID
GHSA-4rvg-955w-h68q
Published
July 26, 2018 2:47 PM
Last Modified
March 1, 2023 1:19 AM
CVSS Score
5.0 /10
Primary Ecosystem
npm
Primary Package
angular-http-server
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 30, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.