Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .
This issue affects AngularJS versions 1.3.0-rc.4 and greater.
Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 17 Sep 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:angularjs:angular.js:1.3.0:rc4:*:*:*:*:*:* cpe:2.3:a:angularjs:angular.js:1.3.0:rc5:*:*:*:*:*:* |
Mon, 09 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Angularjs
Angularjs angular.js |
|
CPEs | cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:* | |
Vendors & Products |
Angularjs
Angularjs angular.js |
|
Metrics |
ssvc
|
Mon, 09 Sep 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . | |
Title | AngularJS improper sanitization in 'srcset' attribute | |
Weaknesses | CWE-1289 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: HeroDevs
Published: 2024-09-09T14:46:03.134Z
Updated: 2024-11-22T12:04:51.702Z
Reserved: 2024-09-02T08:44:11.786Z
Link: CVE-2024-8372
Vulnrichment
Updated: 2024-11-22T12:04:51.702Z
NVD
Status : Modified
Published: 2024-09-09T15:15:12.560
Modified: 2024-11-22T12:15:19.807
Link: CVE-2024-8372
Redhat
No data.