<p>Upgrade <code>org.webjars.bower:angular</code> to version 1.1.5 or higher.</p>

Arbitrary Script Injection Affecting org.webjars.bower:angular package, versions (,1.1.5)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGWEBJARSBOWER-479427
published 23 Jan 2017
disclosed 24 Jun 2013
credit Chirayu Krishnappa, Igor Minar

Report a new vulnerability Found a mistake?

Introduced: 24 Jun 2013

CWE-78 Open this link in a new tab

How to fix?

Upgrade org.webjars.bower:angular to version 1.1.5 or higher.

Overview

org.webjars.bower:angular is a bower WebJar for angular.

Affected versions of this package are vulnerable to Arbitrary Script Injection due to improper sanitization of the $event object passed to the native constructor functions. That isn't protected by the fast paths in $parse.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

High
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

High
Integrity (I)

High
Availability (A)

High

Arbitrary Script Injection Affecting org.webjars.bower:angular package, versions (,1.1.5)

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 24 Jun 2013

How to fix?

Overview

References

CVSS Scores

Snyk