Incomplete Filtering of Special Elements Affecting org.webjars.bower:angular package, versions [0,]


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of Concept
EPSS
0.02% (3rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JAVA-ORGWEBJARSBOWER-9919774
  • published2 May 2025
  • disclosed29 Apr 2025
  • creditGeorge Kalpakas

Introduced: 29 Apr 2025

NewCVE-2025-0716  (opens in a new tab)
CWE-791  (opens in a new tab)

How to fix?

There is no fixed version for org.webjars.bower:angular.

Overview

org.webjars.bower:angular is a bower WebJar for angular.

Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements due to improper sanitization of the href and xlink:href attributes in <image> SVG elements. An attacker can bypass image source restrictions and negatively affect the application's performance and behavior by using too large or slow-to-load images.

Note:

The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

CVSS Base Scores

version 4.0
version 3.1