Описание
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| angular.js | fixed | 1.5.3-2 | package |
Примечания
https://snyk.io/vuln/npm:angular:20150807
https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a
https://github.com/angular/angular.js/pull/12524
Связанные уязвимости
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes