angular-expressions is vulnerable to remote code execution (RCE). The vulnerability exists through the use of the .constructor.constructor
technique passed into the expressions.compile
function.
CPE | Name | Operator | Version |
---|---|---|---|
angular-expressions | le | 1.1.1 | |
angular-expressions | eq | 0.3.0 |