CVE-2020-7676 - Vulnerability Details

Vendors	Products
Angularjs	Angular.js
Redhat	Amq Broker Ansible Tower Jboss Fuse Red Hat Single Sign On

Package	CPE	Advisory	Released Date
Red Hat AMQ 7.8.1
	cpe:/a:redhat:amq_broker:7	RHSA-2021:0417	2021-02-04T00:00:00Z
Red Hat Ansible Tower 3.7 for RHEL 7
ansible-tower-37/ansible-tower-rhel7:3.7.4-1	cpe:/a:redhat:ansible_tower:3.7::el7	RHSA-2020:5249	2020-11-30T00:00:00Z
Red Hat Fuse 7.8.0
	cpe:/a:redhat:jboss_fuse:7	RHSA-2020:5568	2020-12-16T00:00:00Z
Red Hat Single Sign-On 7.4.6
angular	cpe:/a:redhat:red_hat_single_sign_on:7	RHSA-2021:0974	2021-03-23T00:00:00Z
Red Hat Single Sign-On 7.4 for RHEL 6
rh-sso7-keycloak-0:9.0.12-1.redhat_00001.1.el6sso	cpe:/a:redhat:red_hat_single_sign_on:7::el6	RHSA-2021:0967	2021-03-23T00:00:00Z
Red Hat Single Sign-On 7.4 for RHEL 7
rh-sso7-keycloak-0:9.0.12-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7::el7	RHSA-2021:0968	2021-03-23T00:00:00Z
Red Hat Single Sign-On 7.4 for RHEL 8
rh-sso7-keycloak-0:9.0.12-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7::el8	RHSA-2021:0969	2021-03-23T00:00:00Z

Link	Providers
https://github.com/angular/angular.js/pull/17028%2C
https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-7676
https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
https://www.cve.org/CVERecord?id=CVE-2020-7676

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "angular.js", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions prior to 1.8.0"}]}], "descriptions": [{"lang": "en", "value": "angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping \"<option>\" elements in \"<select>\" ones changes parsing behavior, leading to possibly unsanitizing code."}], "problemTypes": [{"descriptions": [{"description": "Cross-site Scripting", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-09T15:06:12", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/angular/angular.js/pull/17028%2C"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-570058"}, {"name": "[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201006 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] vivekratnavel opened a new pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201006 [jira] [Created] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] dineshchitlangia commented on a change in pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201007 [GitHub] [hadoop-ozone] vivekratnavel commented on pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201008 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-commits] 20201008 [hadoop-ozone] branch master updated: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (#1481)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201008 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201009 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "ID": "CVE-2020-7676", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "angular.js", "version": {"version_data": [{"version_value": "All versions prior to 1.8.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping \"<option>\" elements in \"<select>\" ones changes parsing behavior, leading to possibly unsanitizing code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-site Scripting"}]}]}, "references": {"reference_data": [{"name": "https://github.com/angular/angular.js/pull/17028,", "refsource": "MISC", "url": "https://github.com/angular/angular.js/pull/17028,"}, {"name": "https://snyk.io/vuln/SNYK-JS-ANGULAR-570058", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-570058"}, {"name": "[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201006 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] vivekratnavel opened a new pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201006 [jira] [Created] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] dineshchitlangia commented on a change in pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201007 [GitHub] [hadoop-ozone] vivekratnavel commented on pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201008 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-commits] 20201008 [hadoop-ozone] branch master updated: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (#1481)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201008 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201009 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:41:01.655Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/angular/angular.js/pull/17028%2C"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-570058"}, {"name": "[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201006 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] vivekratnavel opened a new pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201006 [jira] [Created] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] dineshchitlangia commented on a change in pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201007 [GitHub] [hadoop-ozone] vivekratnavel commented on pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201008 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-commits] 20201008 [hadoop-ozone] branch master updated: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (#1481)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201008 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E"}, {"name": "[hadoop-ozone-issues] 20201009 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7676", "datePublished": "2020-06-08T13:34:09", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:41:01.655Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : angular.js (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions prior to 1.8.0 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Cross-site Scripting (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-10-09T15:06:12 (string)

orgId : bae035ff-b466-4ff4-94d0-fc9efd9e1730 (string)

shortName : snyk (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/angular/angular.js/pull/17028%2C (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 (string)

}

2 : { »

name : [nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E (string)

}

3 : { »

name : [hadoop-ozone-issues] 20201006 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

4 : { »

name : [hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] vivekratnavel opened a new pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

5 : { »

name : [hadoop-ozone-issues] 20201006 [jira] [Created] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

6 : { »

name : [hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] dineshchitlangia commented on a change in pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

7 : { »

name : [hadoop-ozone-issues] 20201007 [GitHub] [hadoop-ozone] vivekratnavel commented on pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

8 : { »

name : [hadoop-ozone-issues] 20201008 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

9 : { »

name : [hadoop-ozone-commits] 20201008 [hadoop-ozone] branch master updated: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (#1481) (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E (string)

}

10 : { »

name : [hadoop-ozone-issues] 20201008 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

11 : { »

name : [hadoop-ozone-issues] 20201009 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : report@snyk.io (string)

ID : CVE-2020-7676 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : angular.js (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions prior to 1.8.0 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Cross-site Scripting (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://github.com/angular/angular.js/pull/17028, (string)

refsource : MISC (string)

url : https://github.com/angular/angular.js/pull/17028, (string)

}

1 : { »

name : https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 (string)

refsource : MISC (string)

url : https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 (string)

}

2 : { »

name : [nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E (string)

}

3 : { »

name : [hadoop-ozone-issues] 20201006 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E (string)

}

4 : { »

name : [hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] vivekratnavel opened a new pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E (string)

}

5 : { »

name : [hadoop-ozone-issues] 20201006 [jira] [Created] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E (string)

}

6 : { »

name : [hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] dineshchitlangia commented on a change in pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E (string)

}

7 : { »

name : [hadoop-ozone-issues] 20201007 [GitHub] [hadoop-ozone] vivekratnavel commented on pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E (string)

}

8 : { »

name : [hadoop-ozone-issues] 20201008 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E (string)

}

9 : { »

name : [hadoop-ozone-commits] 20201008 [hadoop-ozone] branch master updated: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (#1481) (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E (string)

}

10 : { »

name : [hadoop-ozone-issues] 20201008 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E (string)

}

11 : { »

name : [hadoop-ozone-issues] 20201009 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T09:41:01.655Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/angular/angular.js/pull/17028%2C (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 (string)

}

2 : { »

name : [nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E (string)

}

3 : { »

name : [hadoop-ozone-issues] 20201006 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

4 : { »

name : [hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] vivekratnavel opened a new pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

5 : { »

name : [hadoop-ozone-issues] 20201006 [jira] [Created] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

6 : { »

name : [hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] dineshchitlangia commented on a change in pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

7 : { »

name : [hadoop-ozone-issues] 20201007 [GitHub] [hadoop-ozone] vivekratnavel commented on pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

8 : { »

name : [hadoop-ozone-issues] 20201008 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

9 : { »

name : [hadoop-ozone-commits] 20201008 [hadoop-ozone] branch master updated: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (#1481) (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E (string)

}

10 : { »

name : [hadoop-ozone-issues] 20201008 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

11 : { »

name : [hadoop-ozone-issues] 20201009 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : bae035ff-b466-4ff4-94d0-fc9efd9e1730 (string)

assignerShortName : snyk (string)

cveId : CVE-2020-7676 (string)

datePublished : 2020-06-08T13:34:09 (string)

dateReserved : 2020-01-21T00:00:00 (string)

dateUpdated : 2024-08-04T09:41:01.655Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "65E33877-ED88-4E0C-B510-83D6A51C09A0", "versionEndExcluding": "1.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping \"<option>\" elements in \"<select>\" ones changes parsing behavior, leading to possibly unsanitizing code."}, {"lang": "es", "value": "angular.js versiones anteriores a 1.8.0, permite un ataque de tipo cross site scripting. El reemplazo de HTML de entradas basadas en expresiones regulares puede convertir el c\u00f3digo saneado en uno no saneado. Al contener los elementos \"\" en los \"\" cambia el comportamiento del an\u00e1lisis, conllevando a un posible c\u00f3digo de desaneamiento"}], "id": "CVE-2020-7676", "lastModified": "2024-11-21T05:37:35.460", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-08T14:15:13.133", "references": [{"source": "report@snyk.io", "url": "https://github.com/angular/angular.js/pull/17028%2C"}, {"source": "report@snyk.io", "url": "https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "report@snyk.io", "url": "https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "report@snyk.io", "url": "https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "report@snyk.io", "url": "https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "report@snyk.io", "url": "https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "report@snyk.io", "url": "https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "report@snyk.io", "url": "https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E"}, {"source": "report@snyk.io", "url": "https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "report@snyk.io", "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"}, {"source": "report@snyk.io", "url": "https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-570058"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/angular/angular.js/pull/17028%2C"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-570058"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 65E33877-ED88-4E0C-B510-83D6A51C09A0 (string)

versionEndExcluding : 1.8.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code. (string)

}

1 : { »

lang : es (string)

value : angular.js versiones anteriores a 1.8.0, permite un ataque de tipo cross site scripting. El reemplazo de HTML de entradas basadas en expresiones regulares puede convertir el código saneado en uno no saneado. Al contener los elementos "" en los "" cambia el comportamiento del análisis, conllevando a un posible código de desaneamiento (string)

}

]

id : CVE-2020-7676 (string)

lastModified : 2024-11-21T05:37:35.460 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-06-08T14:15:13.133 (string)

references : [ »

0 : { »

source : report@snyk.io (string)

url : https://github.com/angular/angular.js/pull/17028%2C (string)

}

1 : { »

source : report@snyk.io (string)

url : https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

2 : { »

source : report@snyk.io (string)

url : https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

3 : { »

source : report@snyk.io (string)

url : https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

4 : { »

source : report@snyk.io (string)

url : https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

5 : { »

source : report@snyk.io (string)

url : https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

6 : { »

source : report@snyk.io (string)

url : https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

7 : { »

source : report@snyk.io (string)

url : https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E (string)

}

8 : { »

source : report@snyk.io (string)

url : https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

9 : { »

source : report@snyk.io (string)

url : https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E (string)

}

10 : { »

source : report@snyk.io (string)

url : https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

11 : { »

source : report@snyk.io (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://github.com/angular/angular.js/pull/17028%2C (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 (string)

}

]

sourceIdentifier : report@snyk.io (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2021:0417", "cpe": "cpe:/a:redhat:amq_broker:7", "product_name": "Red Hat AMQ 7.8.1", "release_date": "2021-02-04T00:00:00Z"}, {"advisory": "RHSA-2020:5249", "cpe": "cpe:/a:redhat:ansible_tower:3.7::el7", "package": "ansible-tower-37/ansible-tower-rhel7:3.7.4-1", "product_name": "Red Hat Ansible Tower 3.7 for RHEL 7", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5568", "cpe": "cpe:/a:redhat:jboss_fuse:7", "product_name": "Red Hat Fuse 7.8.0", "release_date": "2020-12-16T00:00:00Z"}, {"advisory": "RHSA-2021:0974", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "impact": "low", "package": "angular", "product_name": "Red Hat Single Sign-On 7.4.6", "release_date": "2021-03-23T00:00:00Z"}, {"advisory": "RHSA-2021:0967", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el6", "impact": "low", "package": "rh-sso7-keycloak-0:9.0.12-1.redhat_00001.1.el6sso", "product_name": "Red Hat Single Sign-On 7.4 for RHEL 6", "release_date": "2021-03-23T00:00:00Z"}, {"advisory": "RHSA-2021:0968", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el7", "impact": "low", "package": "rh-sso7-keycloak-0:9.0.12-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.4 for RHEL 7", "release_date": "2021-03-23T00:00:00Z"}, {"advisory": "RHSA-2021:0969", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el8", "impact": "low", "package": "rh-sso7-keycloak-0:9.0.12-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.4 for RHEL 8", "release_date": "2021-03-23T00:00:00Z"}], "bugzilla": {"description": "nodejs-angular: XSS due to regex-based HTML replacement", "id": "1849206", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849206"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping \"<option>\" elements in \"<select>\" ones changes parsing behavior, leading to possibly unsanitizing code.", "A XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping \"\\<option\\>\" elements in \"\\<select\\>\" ones changes parsing behavior, leading to possibly unsanitizing code."], "name": "CVE-2020-7676", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:1", "fix_state": "Will not fix", "package_name": "servicemesh-grafana", "product_name": "OpenShift Service Mesh 1"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Affected", "package_name": "angularjs", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Out of support scope", "package_name": "angular", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "angularjs", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "kibana", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "openshift3/grafana", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "kibana", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "logging-kibana5-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-grafana", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-logging-kibana6", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Out of support scope", "package_name": "angular", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Will not fix", "package_name": "angular", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Storage 3"}], "public_date": "2020-05-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-7676\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7676\nhttps://snyk.io/vuln/SNYK-JS-ANGULAR-570058"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2021:0417 (string)

cpe : cpe:/a:redhat:amq_broker:7 (string)

product_name : Red Hat AMQ 7.8.1 (string)

release_date : 2021-02-04T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2020:5249 (string)

cpe : cpe:/a:redhat:ansible_tower:3.7::el7 (string)

package : ansible-tower-37/ansible-tower-rhel7:3.7.4-1 (string)

product_name : Red Hat Ansible Tower 3.7 for RHEL 7 (string)

release_date : 2020-11-30T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2020:5568 (string)

cpe : cpe:/a:redhat:jboss_fuse:7 (string)

product_name : Red Hat Fuse 7.8.0 (string)

release_date : 2020-12-16T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2021:0974 (string)

cpe : cpe:/a:redhat:red_hat_single_sign_on:7 (string)

impact : low (string)

package : angular (string)

product_name : Red Hat Single Sign-On 7.4.6 (string)

release_date : 2021-03-23T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2021:0967 (string)

cpe : cpe:/a:redhat:red_hat_single_sign_on:7::el6 (string)

impact : low (string)

package : rh-sso7-keycloak-0:9.0.12-1.redhat_00001.1.el6sso (string)

product_name : Red Hat Single Sign-On 7.4 for RHEL 6 (string)

release_date : 2021-03-23T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2021:0968 (string)

cpe : cpe:/a:redhat:red_hat_single_sign_on:7::el7 (string)

impact : low (string)

package : rh-sso7-keycloak-0:9.0.12-1.redhat_00001.1.el7sso (string)

product_name : Red Hat Single Sign-On 7.4 for RHEL 7 (string)

release_date : 2021-03-23T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2021:0969 (string)

cpe : cpe:/a:redhat:red_hat_single_sign_on:7::el8 (string)

impact : low (string)

package : rh-sso7-keycloak-0:9.0.12-1.redhat_00001.1.el8sso (string)

product_name : Red Hat Single Sign-On 7.4 for RHEL 8 (string)

release_date : 2021-03-23T00:00:00Z (string)

}

]

bugzilla : { »

description : nodejs-angular: XSS due to regex-based HTML replacement (string)

id : 1849206 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1849206 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.4 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

status : verified (string)

}

cwe : CWE-79 (string)

details : [ »

0 : angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code. (string)

1 : A XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "\<option\>" elements in "\<select\>" ones changes parsing behavior, leading to possibly unsanitizing code. (string)

]

name : CVE-2020-7676 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:service_mesh:1 (string)

fix_state : Will not fix (string)

package_name : servicemesh-grafana (string)

product_name : OpenShift Service Mesh 1 (string)

}

1 : { »

cpe : cpe:/a:redhat:amq_broker:7 (string)

fix_state : Affected (string)

package_name : angularjs (string)

product_name : Red Hat AMQ Broker 7 (string)

}

2 : { »

cpe : cpe:/a:redhat:jboss_enterprise_brms_platform:7 (string)

fix_state : Out of support scope (string)

package_name : angular (string)

product_name : Red Hat Decision Manager 7 (string)

}

3 : { »

cpe : cpe:/a:redhat:jboss_fuse:7 (string)

fix_state : Affected (string)

package_name : angularjs (string)

product_name : Red Hat Fuse 7 (string)

}

4 : { »

cpe : cpe:/a:redhat:openshift:3.11 (string)

fix_state : Will not fix (string)

package_name : kibana (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

}

5 : { »

cpe : cpe:/a:redhat:openshift:3.11 (string)

fix_state : Will not fix (string)

package_name : openshift3/grafana (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

}

6 : { »

cpe : cpe:/a:redhat:openshift:4 (string)

fix_state : Will not fix (string)

package_name : kibana (string)

product_name : Red Hat OpenShift Container Platform 4 (string)

}

7 : { »

cpe : cpe:/a:redhat:openshift:4 (string)

fix_state : Will not fix (string)

package_name : logging-kibana5-container (string)

product_name : Red Hat OpenShift Container Platform 4 (string)

}

8 : { »

cpe : cpe:/a:redhat:openshift:4 (string)

fix_state : Will not fix (string)

package_name : openshift4/ose-grafana (string)

product_name : Red Hat OpenShift Container Platform 4 (string)

}

9 : { »

cpe : cpe:/a:redhat:openshift:4 (string)

fix_state : Will not fix (string)

package_name : openshift4/ose-logging-kibana6 (string)

product_name : Red Hat OpenShift Container Platform 4 (string)

}

10 : { »

cpe : cpe:/a:redhat:jboss_enterprise_bpms_platform:7 (string)

fix_state : Out of support scope (string)

package_name : angular (string)

product_name : Red Hat Process Automation 7 (string)

}

11 : { »

cpe : cpe:/a:redhat:quay:3 (string)

fix_state : Will not fix (string)

package_name : angular (string)

product_name : Red Hat Quay 3 (string)

}

12 : { »

cpe : cpe:/a:redhat:storage:3 (string)

fix_state : Affected (string)

package_name : grafana (string)

product_name : Red Hat Storage 3 (string)

}

]

public_date : 2020-05-19T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2020-7676 https://nvd.nist.gov/vuln/detail/CVE-2020-7676 https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object