Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
History

Fri, 22 Nov 2024 13:00:00 +0000

Type Values Removed Values Added
References

Tue, 17 Sep 2024 17:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:angularjs:angular.js:1.3.0:rc4:*:*:*:*:*:*
cpe:2.3:a:angularjs:angular.js:1.3.0:rc5:*:*:*:*:*:*

Mon, 09 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Angularjs
Angularjs angular.js
CPEs cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:*
Vendors & Products Angularjs
Angularjs angular.js
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Sep 2024 15:00:00 +0000

Type Values Removed Values Added
Description Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Title AngularJS improper sanitization in 'srcset' attribute
Weaknesses CWE-1289
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: HeroDevs

Published: 2024-09-09T14:46:03.134Z

Updated: 2024-11-22T12:04:51.702Z

Reserved: 2024-09-02T08:44:11.786Z

Link: CVE-2024-8372

cve-icon Vulnrichment

Updated: 2024-11-22T12:04:51.702Z

cve-icon NVD

Status : Modified

Published: 2024-09-09T15:15:12.560

Modified: 2024-11-22T12:15:19.807

Link: CVE-2024-8372

cve-icon Redhat

No data.