PT-2023-21727 · Unknown · Angular-Server-Side-Configuration

Milo526 · Published 2023-03-24 · Updated 2023-04-03 · CVE-2023-28444

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

angular-server-side-configuration versions 15.0.0 through 15.0.x

Description

The issue concerns the detection of environment variables in TypeScript files during the build time of an Angular CLI project. These variables are written to a ngssc.json file and later inserted into the app's index.html file. In a monorepo setup, this could lead to the exposure of environment variables intended for a backend or service via index.html. This has no impact on plain Angular projects without a backend component.

Recommendations

For angular-server-side-configuration versions 15.0.0 through 15.0.x, update to version 15.1.0, which adds an option searchPattern to restrict the detection file range by default. Alternatively, manually edit or create ngssc.json, or run a script after ngssc.json generation as a temporary workaround.
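
The temporary workaround of running a script after ngssc.json generation could look like the following. This is an added example, not code from the advisory or the project; it assumes ngssc.json lists the detected names in an "environmentVariables" array, and the allowlist, the sample file content and the script name are constructed for illustration.

```javascript
// Added example, not the project's code. Assumption: ngssc.json keeps the
// detected variable names in an "environmentVariables" array.
const ALLOWED = ['API_URL', 'FEATURE_FLAGS']; // hypothetical frontend allowlist

// Constructed sample of a generated file that picked up backend variables.
const SAMPLE = JSON.stringify({
  variant: 'process',
  environmentVariables: ['API_URL', 'DATABASE_PASSWORD', 'JWT_SECRET'],
  filePattern: 'index.html',
});

// Keeps only allowlisted names; returns the new JSON text and what was dropped.
function restrictNgssc(jsonText, allowed) {
  const config = JSON.parse(jsonText);
  const detected = config.environmentVariables;
  if (!Array.isArray(detected)) {
    throw new Error('ngssc.json: environmentVariables is not an array');
  }
  const allow = new Set(allowed);
  const removed = detected.filter((name) => !allow.has(name));
  config.environmentVariables = detected.filter((name) => allow.has(name));
  return { json: JSON.stringify(config, null, 2) + '\n', removed };
}

// Rewrites the generated file in place and returns the removed names.
async function guardFile(path, allowed) {
  const fs = await import('node:fs/promises');
  const text = await fs.readFile(path, 'utf8');
  const { json, removed } = restrictNgssc(text, allowed);
  await fs.writeFile(path, json);
  return removed;
}

// Usage (after the build step): node restrict-ngssc.js <path to ngssc.json>
if ((process.argv[2] || '').endsWith('ngssc.json')) {
  guardFile(process.argv[2], ALLOWED)
    .then((removed) => {
      if (removed.length > 0) {
        console.error('Removed from ngssc.json: ' + removed.join(', '));
      }
    })
    .catch((err) => {
      console.error(err.message);
      process.exitCode = 1; // fail the pipeline if the file cannot be checked
    });
}
```

Any name the script reports as removed was detected outside the frontend's intended configuration and would otherwise have been written into index.html.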

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2023-28444
GHSA-GWVM-VRP4-4PP5

Affected Products

Angular-Server-Side-Configuration