Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
23 Jan 2017
7 Jun 2014
How to fix?
AngularJS.Core to version 1.3.0 or higher.
AngularJS.Core is an AngularJS.* package for other Angular modules within .NET.
Affected versions of this package are vulnerable to Arbitrary Code Execution.
$parse allowed arbitrary code execution via Angular expressions under some very specific conditions. The only applications affected by these vulnerabilities are those that match all of the following conditions:
- Application mixes server-side and client-side templating
- The server-side templating contains XSS vulnerabilities
- The vulnerabilities in the server-side templating are being guarded by server-side XSS filters or on the client-side via CSP
- The server-side XSS vulnerabilities can be used to augment the client-side template processed by Angular
Applications not meeting all of the conditions are not vulnerable.