Vulnerabilities: 1 via 1 paths
Dependencies: 21
Source: GitHub
Commit: 046553ed


Severity: high (new)

Insertion of Sensitive Information Into Sent Data

  • Vulnerable module: @angular/common
  • Introduced through: @angular/common@11.2.14

Detailed paths

  • Introduced through: ionic-context-menu-test@smartin85/ionic-context-menu#046553eda7f58223b685a8bdd29280a8176e6bd1 @angular/common@11.2.14
    Remediation: Upgrade to @angular/common@19.2.16.

Overview

Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data through HttpClient's built-in XSRF protection mechanism. An attacker can obtain sensitive authentication tokens by crafting requests with protocol-relative URLs, which cause the XSRF token to be sent to domains under the attacker's control.

Note: This is only exploitable if XSRF protection is enabled and the application allows requests to protocol-relative URLs.

Workaround

This vulnerability can be mitigated by avoiding protocol-relative URLs (those starting with //) in requests and ensuring that all backend communication URLs are either relative paths or fully qualified, trusted absolute URLs.

Remediation

Upgrade @angular/common to version 19.2.16, 20.3.14, 21.0.1 or higher.