11 matches found
CVE-2019-10768
CVE-2019-10768 affects AngularJS before 1.7.9. The function merge() could be tricked into adding or modifying properties of Object.prototype via a __proto__ payload, enabling prototype pollution. IBM/X-Force data in connected docs corroborates the vulnerability and the CVSS metrics (base scores 7.3 i...
CVE-2020-7676
CVE-2020-7676 is an AngularJS XSS vulnerability. AngularJS prior to 1.8.0 allows cross-site scripting due to regex-based HTML sanitization that may revert to unsanitized code; wrapping option elements in select can alter parsing and lead to unsanitized content being rendered. Connected documents ...
CVE-2021-4231
The CVE-2021-4231 entry corresponds to an XSS vulnerability in Angular versions up to 11.0.4 and 11.1.0-next.2, specifically affecting the handling of comments, where input could be crafted to execute script in a victim’s browser when rendering. The upstream patch fixes this by upgrad...
CVE-2022-25844
CVE-2022-25844 affects AngularJS (angular.js) 1.7.0 and newer: a ReDoS that can be triggered by a custom locale rule that assigns a very large value to NUMBER_FORMATS.PATTERNS[1].posPre through posPre: ' '.repeat(). The CVE entry notes that the package is deprecated. A Debian advisory confirms a fix in angu...
CVE-2022-25869
CVE-2022-25869 affects multiple Angular/AngularJS packages with an XSS through insecure IE page caching that allows textarea interpolation. Connected IBM advisory confirms impact on IBM Storage Copy Data Management: affected versions 2.2.0.0–2.2.26.0, with a fix available in 2.2.27.0 for Linux pl...
CVE-2019-14863
CVE-2019-14863 affects AngularJS: all versions before 1.5.0-beta.0 are vulnerable to cross-site scripting due to unvalidated data delivered with trusted dynamic content after escaping context. The CVE is referenced in multiple sources (e.g., Ubuntu USN-7958-1, IBM Security Bulletins). Impact is c...
CVE-2023-26118
CVE-2023-26118 affects AngularJS (angular.js) via the URL validation function. The vulnerability arises from an insecure regular expression used in input[url], enabling a ReDoS with large crafted inputs and catastrophic backtracking. Public references confirm the issue in AngularJS versions arou...
CVE-2023-26117
CVE-2023-26117 affects angular.js: ReDoS via the $resource service caused by an insecure regular expression. Affected: angular.js versions starting at 1.0.0 (as cited). Potential impact is denial of service under large, crafted inputs due to catastrophic backtracking. Remediation details present ...
CVE-2023-26116
CVE-2023-26116 applies to AngularJS: versions of the angular package up to 1.2.21 are vulnerable to a Regular Expression Denial of Service via the angular.copy() function due to an insecure regex. Exploitation requires a large crafted input and can cause catastrophic backtracking, leading to deni...
CVE-2024-8372
CVE-2024-8372 affects AngularJS; the issue is improper sanitization of the srcset value (and related attributes) in AngularJS’s HTML rendering, allowing attackers to bypass image source restrictions and potentially enable Content Spoofing. Affected versions include 1.3.0-rc.4 and later. The An...
CVE-2024-8373
CVE-2024-8373 affects AngularJS across distributions; root cause is improper sanitization of the srcset attribute in HTML elements, enabling potential Content Spoofing. Affected versions are older AngularJS; Debian LTS advisory (DLA-4242) fixes angular.js to 1.8.3-1+deb12u1~deb11u1, and related ...