angular-expressions@0.1.0 vulnerabilities

Angular expressions as standalone module

Direct Vulnerabilities

Known vulnerabilities in the angular-expressions package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Remote Code Execution (RCE)

angular-expressions is an Angular expression as standalone module.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) via expressions.compile().

How to fix Remote Code Execution (RCE)?

Upgrade angular-expressions to version 1.1.2 or higher.

<1.1.2
  • H
Remote Code Execution (RCE)

angular-expressions is an Angular expression as standalone module.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) when expressions.compile(userControlledInput) is called where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution.

How to fix Remote Code Execution (RCE)?

Upgrade angular-expressions to version 1.0.1 or higher.

<1.0.1