Incomplete Filtering of Special Elements Affecting angular package, versions *


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of Concept
EPSS
0.02% (3rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JS-ANGULAR-9919773
  • published2 May 2025
  • disclosed29 Apr 2025
  • creditGeorge Kalpakas

Introduced: 29 Apr 2025

NewCVE-2025-0716  (opens in a new tab)
CWE-791  (opens in a new tab)

How to fix?

There is no fixed version for angular.

Overview

angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly.

Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements due to improper sanitization of the href and xlink:href attributes in <image> SVG elements. An attacker can bypass image source restrictions and negatively affect the application's performance and behavior by using too large or slow-to-load images.

Note:

The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

CVSS Base Scores

version 4.0
version 3.1