1344 matches found
CVE-2021-21277 Angular Expressions - Remote Code Execution
angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is tex...
GHSA-J6PX-JWVV-VPWQ Angular Expressions - Remote Code Execution
Impact: The vulnerability, reported by GoSecure Inc, allows Remote Code Execution if you call expressions.compile(userControlledInput), where userControlledInput is text that comes from user input. This time, the security of the package could be bypassed by using a more complex payload, using a...
@openagenda/agenda-docx (>=1.0.2 <=1.2.2), @patrickkeller/fishy-templater (=1.0.0) +30 more potentially affected by CVE-2021-21277 via angular-expressions (>=0.1.0 <=1.0.0)
angular-expressions NPM version =0.1.0, =1.0.2, =1.8.0, =1.0.0, =1.0.0, =0.5.2, =0.7.6, =1.4.0, =0.1.0, =0.2.1 and more Source cves: CVE-2021-21277 Source advisory: OSV:GHSA-J6PX-JWVV-VPWQ...
Angular Expressions - Remote Code Execution
Impact: The vulnerability, reported by GoSecure Inc, allows Remote Code Execution if you call expressions.compile(userControlledInput), where userControlledInput is text that comes from user input. This time, the security of the package could be bypassed by using a more complex payload, using a...
Peerigon angular-expressions code injection vulnerability
Peerigon angular-expressions is a JavaScript-based codebase that can be used to extract browser nodes from Peerigon, Germany. A code injection vulnerability exists in angular-expressions 1.1.2, which allows remote code execution and can be exploited by an attacker to run any browser script...
PT-2021-14383 · Unknown · Angular-Expressions
Name of the Vulnerable Software and Affected Versions: angular-expressions versions prior to 1.1.2. Description: The issue allows Remote Code Execution if expressions.compile(userControlledInput) is called where userControlledInput is text that comes from user input. The security of the package coul...
Scullyio Scully injection vulnerability
Scullyio Scully is a TypeScript-based software for building Angular applications organized by Scullyio. Scully pre-renders every page in the application as plain HTML and CSS. To do this, Scully uses guessjs to find all the routes in the project. Scully then accesses each route, renders the view an...
kinvey-angular-sdk (>=3.4.0 <=3.5.3), kinvey-angular2-sdk (>=3.4.1 <=3.5.2) +6 more potentially affected by CVE-2020-7741 via hellojs (>=1.13.1 <=1.14.1)
hellojs NPM version =1.13.1, =3.4.0, =3.4.1, =3.4.1, =3.4.0, =3.4.1, =3.4.0, =3.4.0, =3.4.1, =3.5.2 Source cves: CVE-2020-7741 Source advisory: OSV:GHSA-7JH9-6CPF-H4M7...
nodejs-angular: XSS due to regex-based HTML replacement
An XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...
kinvey-angular-sdk (>=3.4.0 <=3.5.3), kinvey-angular2-sdk (>=3.4.1 <=3.5.2) +6 more potentially affected by CVE-2020-7741 via hellojs (>=1.13.1 <=1.14.1)
hellojs NPM version =1.13.1, =3.4.0, =3.4.1, =3.4.1, =3.4.0, =3.4.1, =3.4.0, =3.4.0, =3.4.1, =3.5.2 Source cves: CVE-2020-7741 Source advisory: SNYK:JS-HELLOJS-1014546...
Malicious Package in angular-location-update
Version 0.0.3 of angular-location-update contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and...
GHSA-53JX-4WWH-GCQJ Malicious Package in angular-location-update
Version 0.0.3 of angular-location-update contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and...
Malicious Package in angluar-cli
Version 0.0.3 of angluar-cli contains malicious code as a postinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed the package attempts to remove files and stop processes related to McAfee antivirus...
@ionic/angular (>=4.3.0 <=4.3.1-dev.201904231448.eb3cbe4), dos-wc-library (>=0.7.7 <=0.7.21) potentially affected by unknown CVE via @ionic/core (>=4.3.0 <=4.3.1-dev.201904231448.eb3cbe4)
@ionic/core NPM version =4.3.0, =4.3.0, =0.7.7, =0.7.21 Source cves: unknown CVE Source advisory: OSV:GHSA-R3XC-47QG-H929...
Malicious Package in angular-material-sidenav-rnd
Version 0.1.1 of angular-material-sidenav-rnd contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.1.1 of this module is found...
GHSA-QMXF-FXQ7-W59F Malicious Package in angular-material-sidenav-rnd
Version 0.1.1 of angular-material-sidenav-rnd contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.1.1 of this module is found...
Malicious Package in angular-bmap
Version 0.0.9 of angular-bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.0.9 of this module is found installed you wil...
GHSA-W8HG-MXVH-9H57 Malicious Package in angular-bmap
Version 0.0.9 of angular-bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.0.9 of this module is found installed you wil...
XSS via Angular Expression in ag-grid
Affected versions of ag-grid are vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if used in combination with AngularJS. Recommendation: Avoid using ag-grid in combination with AngularJS until a fix is available...
@corex/argon-theme (>=1.1.1 <=1.1.33), @creative-tim-official/argon-dashboard-free (=1.2.0) +14 more potentially affected by CVE-2016-1000227 via bootstrap-tagsinput (=0.7.1)
bootstrap-tagsinput NPM version =0.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on bootstrap-tagsinput and may be impacted: - @corex/argon-theme =1.1.1, =0.27.0, =0.0.1, =0.1.0, =3.0.0, =1.2.0, =0.1.0, =0.2.0, =0.1.1, =1.2.6, =1.4.0, =0.1.89, =0.2....