Untriaged
Permalink
CVE-2024-8373
4.8 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): LOW
AngularJS improper sanitization in '<source>' element
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
References
- https://www.herodevs.com/vulnerability-directory/cve-2024-8373 third-party-advisory
- https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b technical-description exploit
- https://www.herodevs.com/vulnerability-directory/cve-2024-8373 third-party-advisory
- https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b technical-description exploit
- https://security.netapp.com/advisory/ntap-20241122-0003/
- https://www.herodevs.com/vulnerability-directory/cve-2024-8373 third-party-advisory
- https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b technical-description exploit
- https://security.netapp.com/advisory/ntap-20241122-0003/
- https://www.herodevs.com/vulnerability-directory/cve-2024-8373 third-party-advisory
- https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b technical-description exploit
- https://security.netapp.com/advisory/ntap-20241122-0003/
- https://www.herodevs.com/vulnerability-directory/cve-2024-8373 third-party-advisory
- https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b technical-description exploit
- https://security.netapp.com/advisory/ntap-20241122-0003/
- https://www.herodevs.com/vulnerability-directory/cve-2024-8373 third-party-advisory
- https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b technical-description exploit
- https://security.netapp.com/advisory/ntap-20241122-0003/
- https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
Affected products
angular
- ==>=0.0.0
AngularJS
- *
- ==>=0.0.0
angular.js
- *
Matching in nixpkgs
pkgs.angular-language-server
LSP for angular completions, AOT diagnostic, quick info and go to definitions
-
nixos-unstable -
- nixpkgs-unstable 20.2.1
pkgs.nodePackages.%40angular%2Fcli
CLI tool for Angular
-
nixos-unstable -
- nixpkgs-unstable 19.2.3
pkgs.nodePackages_latest.%40angular%2Fcli
CLI tool for Angular
-
nixos-unstable -
- nixpkgs-unstable 19.2.3
Package maintainers
-
@tricktron Thibault Gagnaux <tgagnaux@gmail.com>