Improper Validation of Unsafe Equivalence in Input Affecting angular package, versions >=1.3.0-rc.5
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-ANGULAR-7924843
- published 9 Sep 2024
- disclosed 9 Sep 2024
- credit Unknown
Introduced: 9 Sep 2024
New CVE-2024-8372 Open this link in a new tabHow to fix?
There is no fixed version for angular
.
Overview
angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly.
Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the srcset
attribute, which allows bypassing the imgSrcSanitizationTrustedUrlList
allowlist. An attacker can manipulate the content presented to other users by setting a srcset
value to retrieve data from an unintended domain.