srcANGULAR: applied fix for CVE-2024-29180 security vulnerability
While not directly involved and used, the Angular sample inside the
srcANGULAR/ directory contains a security vulnerability,
CVE-2024-29180, from one of Angular's dependencies with high severity
(7.4/10). The problem is mainly because the middleware is able to
perform path traversal and eventually obtain sensitive files like
/etc/passwd using a simple command like:
 $ curl localhost:8080/public/..%2f..%2f..%2f..%2f../etc/passwd

Hence, we need to amend it and roll out a hot release.

This patch applies CVE-2024-29180 fixes in srcANGULAR/ directory.

Co-authored-by: Shuralyov, Jean <[email protected]>
Co-authored-by: Galyna, Cory <[email protected]>
Co-authored-by: (Holloway) Chew, Kean Ho <[email protected]>
Signed-off-by: (Holloway) Chew, Kean Ho <[email protected]>
3 people committed Mar 22, 2024
1 parent d4ff728 commit 2566c59
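
The encoded request quoted in the commit message slips past a traversal check that inspects the URL before decoding it. The sketch below is an added example, not code from this repository or from the patched dependency; `PUBLIC_ROOT`, `URL_PREFIX`, `resolveWeak` and `resolveSafe` are hypothetical names, and the weak check is constructed for illustration.

```javascript
// Added example (hypothetical names, constructed input): a segment check on the
// raw URL misses "..%2f"; a containment check after decoding does not.
const path = require('path').posix;

const PUBLIC_ROOT = '/srv/app/public'; // assumed static file root
const URL_PREFIX = '/public/';         // assumed mount point

// Weak: rejects ".." path segments in the still-encoded URL, then decodes and joins.
function resolveWeak(rawUrl) {
  if (!rawUrl.startsWith(URL_PREFIX)) return null;
  if (rawUrl.split('/').includes('..')) return null; // "..%2f.." is one opaque segment here
  const rel = decodeURIComponent(rawUrl.slice(URL_PREFIX.length));
  return path.join(PUBLIC_ROOT, rel);
}

// Hardened: decode first, resolve to an absolute path, then require that the
// result is the root itself or sits below "root + separator".
function resolveSafe(rawUrl) {
  if (!rawUrl.startsWith(URL_PREFIX)) return null;
  let rel;
  try {
    rel = decodeURIComponent(rawUrl.slice(URL_PREFIX.length));
  } catch {
    return null; // malformed percent-encoding
  }
  if (rel.includes('\0')) return null; // NUL bytes never belong in a file path
  // The "./" prefix keeps a decoded leading "/" from being treated as absolute.
  const full = path.resolve(PUBLIC_ROOT, './' + rel);
  const inside = full === PUBLIC_ROOT || full.startsWith(PUBLIC_ROOT + '/');
  return inside ? full : null;
}
```

Comparing against `PUBLIC_ROOT + '/'` rather than `PUBLIC_ROOT` alone is what keeps a sibling directory such as `/srv/app/public-backup` out of scope.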
Showing 2 changed files with 8 additions and 8 deletions.
2 changes: 1 addition & 1 deletion CONFIG.toml
Expand Up @@ -171,7 +171,7 @@ AUTOMATACI_LANG = ""
#
# To enable it: simply supply the path (e.g. default is 'srcANGULAR').
# To disable it: simply supply an empty path (e.g. default is '').
PROJECT_ANGULAR = ''
PROJECT_ANGULAR = 'srcANGULAR'



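Review bot: the PROJECT_ANGULAR change at the end of this hunk is not explained by the commit message, which only describes applying the CVE-2024-29180 fixes inside srcANGULAR/. The two lines show the values '' and 'srcANGULAR', and per the comment above them that setting enables or disables the Angular project, so a reader cannot tell whether the toggle is required for the fix or was committed by accident. Either move it to its own commit or state the reason in the message. The comment itself also calls both values the default ("default is 'srcANGULAR'" and "default is ''"); it should name a single default so the intended state after this hot release is unambiguous.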
14 changes: 7 additions & 7 deletions srcANGULAR/package-lock.json
