org.webjars.npm:angular-expressions@0.3.0 vulnerabilities

  • latest version

    0.3.0

  • first published

    8 years ago

  • latest version published

    8 years ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.webjars.npm:angular-expressions package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Prototype Pollution

    org.webjars.npm:angular-expressions provides Angular expressions as a standalone module.

    Affected versions of this package are vulnerable to Prototype Pollution due to the improper handling of user input in the compile function. In some cases, an attacker can execute arbitrary code on the system by crafting a malicious expression that escapes the sandbox environment.

    How to fix Prototype Pollution?

    There is no fixed version for org.webjars.npm:angular-expressions.

    Vulnerable versions: [0,)
    • C
    Remote Code Execution (RCE)

    Affected versions of this package are vulnerable to Remote Code Execution (RCE) via expressions.compile().

    How to fix Remote Code Execution (RCE)?

    There is no fixed version for org.webjars.npm:angular-expressions.

    Vulnerable versions: [0,)
    • H
    Remote Code Execution (RCE)

    Affected versions of this package are vulnerable to Remote Code Execution (RCE) when expressions.compile(userControlledInput) is called and userControlledInput is text that comes from user input. If angular-expressions runs in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If angular-expressions runs on the server, an attacker could run any JavaScript expression, thus gaining Remote Code Execution.

    How to fix Remote Code Execution (RCE)?

    There is no fixed version for org.webjars.npm:angular-expressions.

    Vulnerable versions: [0,)