CVE-2024-8372 - Medium Severity Vulnerability
Vulnerable Libraries - angular-sanitize-1.8.3.tgz, angular-animate-1.8.3.tgz, angular-1.8.3.tgz, angular-resource-1.8.3.tgz, angular-messages-1.8.3.tgz, angular-cookies-1.8.3.tgz
angular-sanitize-1.8.3.tgz
AngularJS module for sanitizing HTML
Library home page: https://registry.npmjs.org/angular-sanitize/-/angular-sanitize-1.8.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
- ❌ angular-sanitize-1.8.3.tgz (Vulnerable Library)
angular-animate-1.8.3.tgz
AngularJS module for animations
Library home page: https://registry.npmjs.org/angular-animate/-/angular-animate-1.8.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
- ❌ angular-animate-1.8.3.tgz (Vulnerable Library)
angular-1.8.3.tgz
HTML enhanced for web apps
Library home page: https://registry.npmjs.org/angular/-/angular-1.8.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
- ❌ angular-1.8.3.tgz (Vulnerable Library)
angular-resource-1.8.3.tgz
AngularJS module for interacting with RESTful server-side data sources
Library home page: https://registry.npmjs.org/angular-resource/-/angular-resource-1.8.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
- ❌ angular-resource-1.8.3.tgz (Vulnerable Library)
angular-messages-1.8.3.tgz
AngularJS module that provides enhanced support for displaying messages within templates
Library home page: https://registry.npmjs.org/angular-messages/-/angular-messages-1.8.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
- ❌ angular-messages-1.8.3.tgz (Vulnerable Library)
angular-cookies-1.8.3.tgz
AngularJS module for cookies
Library home page: https://registry.npmjs.org/angular-cookies/-/angular-cookies-1.8.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
- ❌ angular-cookies-1.8.3.tgz (Vulnerable Library)
Found in HEAD commit: 5def65f0b4206a5ad7d8195b61a34437fb09ec9d
Found in base branch: master
Vulnerability Details
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .
This issue affects AngularJS versions 1.3.0-rc.4 and greater.
Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2024-09-09
URL: CVE-2024-8372
CVSS 3 Score Details (4.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Step up your Open Source Security Game with Mend here
CVE-2024-8372 - Medium Severity Vulnerability
angular-sanitize-1.8.3.tgz
AngularJS module for sanitizing HTML
Library home page: https://registry.npmjs.org/angular-sanitize/-/angular-sanitize-1.8.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
angular-animate-1.8.3.tgz
AngularJS module for animations
Library home page: https://registry.npmjs.org/angular-animate/-/angular-animate-1.8.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
angular-1.8.3.tgz
HTML enhanced for web apps
Library home page: https://registry.npmjs.org/angular/-/angular-1.8.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
angular-resource-1.8.3.tgz
AngularJS module for interacting with RESTful server-side data sources
Library home page: https://registry.npmjs.org/angular-resource/-/angular-resource-1.8.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
angular-messages-1.8.3.tgz
AngularJS module that provides enhanced support for displaying messages within templates
Library home page: https://registry.npmjs.org/angular-messages/-/angular-messages-1.8.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
angular-cookies-1.8.3.tgz
AngularJS module for cookies
Library home page: https://registry.npmjs.org/angular-cookies/-/angular-cookies-1.8.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: 5def65f0b4206a5ad7d8195b61a34437fb09ec9d
Found in base branch: master
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .
This issue affects AngularJS versions 1.3.0-rc.4 and greater.
Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2024-09-09
URL: CVE-2024-8372
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Step up your Open Source Security Game with Mend here