56 matches found

RedhatCVE
added 2025/05/23 8:12 a.m., 13 views

CVE-2024-54152

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...

CVSS 9.3, AI score 8, EPSS 0.02257
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 9:30 p.m., 4 views

CVE-2021-21277

angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is tex...

CVSS 8.8, AI score 7.5, EPSS 0.0273
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 3:41 p.m., 10 views

CVE-2020-5219

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...

CVSS 8.8, AI score 7.9, EPSS 0.02393
Exploits: 0

Veracode
added 2024/12/23 5:45 a.m., 17 views

Arbitrary Code Execution (ACE)

angular-expressions is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to the ability to escape the sandbox through a malicious expression, allowing an attacker to execute arbitrary code on the system...

CVSS 9.3, AI score 7.9, EPSS 0.02257
Exploits: 0, References: 2, Affected Software: 1

vulnersOsv
added 2024/12/10 4:54 p.m., 3 views

@algotech-ce/business (>=1.0.1445 <=4.1.118), @algotech-ce/interpretor (>=2.0.0 <=4.1.62) +35 more potentially affected by CVE-2024-54152 via angular-expressions (>=0.1.0 <=1.2.1)

angular-expressions NPM version =0.1.0, =1.0.1445, =2.0.0, =2.7.9, =2.11.5, =1.0.2, =1.8.0, =1.0.0, =1.0.0, =0.5.2, =0.7.6, =0.7.10 and more Source cves: CVE-2024-54152 Source advisory: OSV:GHSA-5462-4VCX-JH7J...

CVSS 9.3, AI score 7.4, EPSS 0.02257
Exploits: 0

Github Security Blog
added 2024/12/10 4:54 p.m., 36 views

Angular Expressions - Remote Code Execution when using locals

Impact An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: js const expressions = require"angular-expressions"; const result = expressions.compile"proto.constructor", ; // result should be undefined, however fo...

CVSS 9.3, AI score 7.9, EPSS 0.02257
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2024/12/10 4:54 p.m., 11 views

GHSA-5462-4VCX-JH7J Angular Expressions - Remote Code Execution when using locals

Impact An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: js const expressions = require"angular-expressions"; const result = expressions.compile"proto.constructor", ; // result should be undefined, however fo...

CVSS 9.3, AI score 9.7, EPSS 0.02257
Exploits: 0, References: 4

NVD
added 2024/12/10 4:15 p.m., 23 views

CVE-2024-54152

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...

CVSS 9.3, EPSS 0.02257
Exploits: 0, References: 2

OSV
added 2024/12/10 4:15 p.m., 0 views

UBUNTU-CVE-2024-54152

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...

CVSS 9.3, AI score 6.5, EPSS 0.02257
Exploits: 0, References: 4

Vulnrichment
added 2024/12/10 3:37 p.m., 17 views

CVE-2024-54152 Angular Expressions - Remote Code Execution when using locals

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...

CVSS 9.3, AI score 8.2, EPSS 0.02257
Exploits: 0, References: 2

OSV
added 2024/12/10 3:37 p.m., 16 views

CVE-2024-54152 Angular Expressions - Remote Code Execution when using locals

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...

CVSS 9.3, AI score 9.2, EPSS 0.02257
Exploits: 0, References: 4

CVE
added 2024/12/10 3:37 p.m., 63 views

CVE-2024-54152

CVE-2024-54152 affects angular-expressions (Angular Expressions) prior to version 1.4.3. A malicious expression can escape the sandbox and enable arbitrary code execution; a more complex payload may grant full control. The issue is fixed in 1.4.3. Workarounds include disabling global access to pr...

CVSS 9.3, AI score 7.6, EPSS 0.02257
Exploits: 0, References: 2

Cvelist
added 2024/12/10 3:37 p.m., 26 views

CVE-2024-54152 Angular Expressions - Remote Code Execution when using locals

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...

CVSS 9.3, EPSS 0.02257
Exploits: 0, References: 2

Node.js
added 2021/02/23 2:2 a.m., 67 views

Remote Code Execution

Overview: Affected versions of angular-expressions are affected by a remote code execution vulnerability. Impact: If you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input you are potentially impacted. The security of the package could be bypass...

CVSS 6.5, AI score 3.5, EPSS 0.0273
Exploits: 0, Affected Software: 1

OSV
added 2021/02/01 3:15 p.m., 5 views

CVE-2021-21277

angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is tex...

CVSS 8.8, AI score 8.9
Exploits: 0, References: 4

NVD
added 2021/02/01 3:15 p.m., 11 views

CVE-2021-21277

angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is tex...

CVSS 8.8, AI score 8.7, EPSS 0.0273
Exploits: 0, References: 4

Prion
added 2021/02/01 3:15 p.m., 27 views

Remote code execution

angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is tex...

CVSS 6.5, AI score 8.8, EPSS 0.0273
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2021/02/01 3:5 p.m., 14 views

CVE-2021-21277 Angular Expressions - Remote Code Execution

angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is tex...

CVSS 8.5, AI score 9.1, EPSS 0.0273
Exploits: 0, References: 4

CVE
added 2021/02/01 3:5 p.m., 77 views

CVE-2021-21277

The CVE-2021-21277 issue affects angular-expressions prior to 1.1.2. Affected component: the expressions.compile(userControlledInput) path, where user input can bypass security via a complex payload (notably using the .constructor.constructor technique). In the browser, this could run arbitrary b...

CVSS 8.8, AI score 8.8, EPSS 0.0273
Exploits: 0, References: 4, Affected Software: 1

vulnersOsv
added 2021/02/01 3:1 p.m., 1 views

@openagenda/agenda-docx (>=1.0.2 <=1.2.2), @patrickkeller/fishy-templater (=1.0.0) +30 more potentially affected by CVE-2021-21277 via angular-expressions (>=0.1.0 <=1.0.0)

angular-expressions NPM version =0.1.0, =1.0.2, =1.8.0, =1.0.0, =1.0.0, =0.5.2, =0.7.6, =1.4.0, =0.1.0, =0.2.1 and more Source cves: CVE-2021-21277 Source advisory: OSV:GHSA-J6PX-JWVV-VPWQ...

CVSS 8.8, AI score 7.2, EPSS 0.0273
Exploits: 0