angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
References
Link Providers
https://github.com/angular/angular.js/pull/17028%2C cve-icon cve-icon
https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-7676 cve-icon
https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-7676 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2020-06-08T13:34:09

Updated: 2024-08-04T09:41:01.655Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7676

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-06-08T14:15:13.133

Modified: 2024-11-21T05:37:35.460

Link: CVE-2020-7676

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-05-19T00:00:00Z

Links: CVE-2020-7676 - Bugzilla