1344 matches found
Angular-translate cross-site scripting vulnerability
angular-translate is an AngularJS module from the open-source angular-translate project. A cross-site scripting vulnerability exists in angular-translate version 2.19.1 and earlier, which stems from allowing cross-site scripting attacks via a crafted key used by the Translate command...
PT-2024-25422 · Unknown · Angular-Translate
Name of the Vulnerable Software and Affected Versions: angular-translate versions through 2.19.1 Description: The issue allows for XSS attacks via a crafted key used by the translate directive. The vendor notes that there is no documentation indicating a key is supposed to be safe against XSS...
Malicious code in ui-common-components-angular (npm)
Source: ossf-package-analysis (c0d823ab954cd19f85bb933d25f8230386023a6a1fd15430efce0298f6a25aa9). The OpenSSF Package Analysis project identified 'ui-common-components-angular' @ 1.3.1 (npm) as malicious. It is considered malicious because: - T...
@bidvine/react-summernote (=2.0.2), @uday_test/wm_codegen_angular_app (=0.0.0) +14 more potentially affected by CVE-2024-29504 via summernote (>=0.5.9 <=0.8.18)
summernote NPM version =0.5.9, =1.0.2, =4.8.14, =4.9.23, =4.9.23, =4.9.23, =4.9.23, =5.0.6, =1.0.0, =0.0.1, =1.2.1 - wm-ng-webcomponent =1.0.1 and more Source cves: CVE-2024-29504 Source advisory: OSV:GHSA-4WH3-3WF2-39M9...
@angular-devkit/build-angular (>=17.1.0-next.1 <=18.0.0-next.1), @directus/api (>=15.0.0 <=19.0.2) +25 more potentially affected by CVE-2024-30260 via undici (>=6.0.1 <=6.10.2)
undici NPM version =6.0.1, =17.1.0-next.1, =15.0.0, =10.0.15, =1.0.7, =18.0.0-next.3, =18.0.0-next.3, =1.0.0-alpha.22, =1.0.0-alpha.22, =1.0.0-alpha.22, =1.0.5, =1.0.6 and more Source cves: CVE-2024-30260 Source advisory: OSV:GHSA-M4V8-WQVR-P9F7...
@angular-devkit/build-angular (>=18.0.0 <=18.1.0-next.2), @angular/build (>=18.0.0 <=18.1.0-next.2) +92 more potentially affected by CVE-2024-31207 via vite (>=5.2.0 <=5.2.4)
vite NPM version =5.2.0, =18.0.0, =18.0.0, =5.0.0-alpha.4, =1.0.0, =0.1.0-rc.8, =1.0.12, =3.32.0-rc.2, =8.31.0, =18.0.0-next.1, =18.0.0-next.1, =3.0.2, =3.5.0, =4.1.0, =34.0.0, =39.1.8 and more Source cves: CVE-2024-31207 Source advisory: OSV:GHSA-8JHW-289H-JH2G...
Regular Expression Denial Of Service (ReDoS)
angular is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression backtracking in the ng-srcset directive. This potentially leads to Regular Expression Denial of Service (ReDoS)...
@angular-architects/build-angular (=16.2.0-next.2), @angular-devkit/build-angular (>=15.1.0 <=17.3.1) +165 more potentially affected by CVE-2024-29180 via webpack-dev-middleware (>=6.0.0 <=6.1.1)
webpack-dev-middleware NPM version =6.0.0, =15.1.0, =9.3.0, =1.12.3, =4.20.4, =0.1.0, =3.1.0, =3.0.0-alpha.14, =15.1.0, =16.0.0-next.6, =2.6.0, =8.4.0, =7.0.0-rc.11, =7.0.0-rc.16 and more Source cves: CVE-2024-29180 Source advisory: OSV:GHSA-WR3J-PWJ9-HQQ6...
SUSE CVE-2024-21490
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of servic...
org.webjars:angular-markdown-directive (=0.3.0) potentially affected by CVE-2024-1899 via org.webjars:showdown (=0.3.1)
org.webjars:showdown MAVEN version =0.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars:showdown and may be impacted: - org.webjars:angular-markdown-directive =0.3.0 Source cves: CVE-2024-1899 Source advisory: SNYK:JAVA-ORGWEBJARS-8685134...
CVE-2024-21490
An Inefficient Regular Expression Complexity vulnerability was found in NodeJS Angular. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking, leading to denial of service. Mitigation: Mitigation for this issue is either n...
com.github.grantlittle:bdd-reporting-server (>=0.1.5 <=0.1.7), com.github.grantlittle:bdd-reporting-service (=0.1.9) +654 more potentially affected by CVE-2024-21490 via org.webjars.bower:angular (>=1.3.0 <=1.8.3)
org.webjars.bower:angular MAVEN version =1.3.0, =0.1.5, =1.1.0, =0.4.4, =0.4.4, =0.3.5, =0.4.1, =0.4.4, =0.3.5, =0.4.4, =0.5.1 and more Source cves: CVE-2024-21490 Source advisory: OSV:GHSA-4W4V-5HC9-XRR2...
angular vulnerable to super-linear runtime due to backtracking
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of...
net.aequologica.neo:dagr-vebchar (=0.5.2-alpha), net.aequologica.neo:dagr-web (=0.5.2-alpha) +107 more potentially affected by CVE-2024-21490 via org.webjars.npm:angular (>=1.3.17 <=1.8.3)
org.webjars.npm:angular MAVEN version =1.3.17, =0.5.2, =0.5.2, =5.2.0-RC1, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =0.4.0, =1.1.3 and more Source cves: CVE-2024-21490 Source advisory: OSV:GHSA-4W4V-5HC9-XRR2...
GHSA-4W4V-5HC9-XRR2 angular vulnerable to super-linear runtime due to backtracking
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of...
10.30.npm-learning (>=1.0.0 <=1.1.0), 2017_node (=1.0.0) +3265 more potentially affected by CVE-2024-21490 via angular (>=1.3.11 <=1.8.3)
angular NPM version =1.3.11, =1.0.0, =4.13.7-rc4, =1.103.1, =1.103.1, =1.102.4, =1.102.3, =1.102.3, =1.4.156, =1.0.3, =1.0.0, =1.0.0, =0.5.0, =0.5.2 and more Source cves: CVE-2024-21490 Source advisory: OSV:GHSA-4W4V-5HC9-XRR2...
DEBIAN-CVE-2024-21490
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of servic...
CVE-2024-21490
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of servic...