7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
44.9%
Versions of angular
prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function merge()
does not restrict the modification of an Object’s prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.
Upgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.
github.com/advisories/GHSA-89mq-4x47-5v83
github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
github.com/angular/angular.js/pull/16913
lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2019-10768
snyk.io/vuln/SNYK-JS-ANGULAR-534884
www.npmjs.com/advisories/1343
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
44.9%