1344 matches found
GHSA-5462-4VCX-JH7J Angular Expressions - Remote Code Execution when using locals
Impact An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: js const expressions = require"angular-expressions"; const result = expressions.compile"proto.constructor", ; // result should be undefined, however fo...
@algotech-ce/business (>=1.0.1445 <=4.1.118), @algotech-ce/interpretor (>=2.0.0 <=4.1.62) +35 more potentially affected by CVE-2024-54152 via angular-expressions (>=0.1.0 <=1.2.1)
angular-expressions NPM version =0.1.0, =1.0.1445, =2.0.0, =2.7.9, =2.11.5, =1.0.2, =1.8.0, =1.0.0, =1.0.0, =0.5.2, =0.7.6, =0.7.10 and more Source cves: CVE-2024-54152 Source advisory: OSV:GHSA-5462-4VCX-JH7J...
Angular Expressions - Remote Code Execution when using locals
Impact An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: js const expressions = require"angular-expressions"; const result = expressions.compile"proto.constructor", ; // result should be undefined, however fo...
CVE-2024-54152
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...
UBUNTU-CVE-2024-54152
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...
CVE-2024-54152
CVE-2024-54152 affects angular-expressions (Angular Expressions) prior to version 1.4.3. A malicious expression can escape the sandbox and enable arbitrary code execution; a more complex payload may grant full control. The issue is fixed in 1.4.3. Workarounds include disabling global access to pr...
CVE-2024-54152 Angular Expressions - Remote Code Execution when using locals
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...
CVE-2024-54152 Angular Expressions - Remote Code Execution when using locals
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...
CVE-2024-54152 Angular Expressions - Remote Code Execution when using locals
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...
Angular 代码注入漏洞
Angular is a development platform. for building mobile and desktop web applications using Typescript / JavaScript and other languages. A code injection vulnerability exists in Angular 1.4.2 and earlier versions, which stems from the fact that an attacker can write a malicious expression to break...
Malicious code in oneui-angular (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-11412 Malicious code in oneui-angular (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in flutter-angular-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f9260d321765ddb3fe1ce34c703f7caa0678c61f5701aa82730d092fcb83373 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11142 Malicious code in flutter-angular-bridge (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f9260d321765ddb3fe1ce34c703f7caa0678c61f5701aa82730d092fcb83373 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for CVE-2024-42640
CVE-2024-42640 Unauthenticated Remote Code Execution via Angul...
Malicious code in @fhnw/angular-app-configuration (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 48cd6f8295f6741b9e52645ffbbb0792c303dc53b7371dbd456a13ea90d952a5 The OpenSSF Package Analysis project identified '@fhnw/angular-app-configuration' @ 1.0.4 npm as malicious. It is considered malicious because: ...
CVE-2024-50577
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings...
CVE-2024-50577
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings...
EUVD-2024-44958
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings...
CVE-2024-50577
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings...