CVE-2021-4231

Опубликовано: 15 дек. 2020

Источник: redhat

CVSS3: 3.9

EPSS Низкий

Описание

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.

A flaw was found in the angular/core package. Affected versions of this package are vulnerable to Cross-site scripting (XSS) in development, with Server-side rendering (SSR enabled).

Отчет

This flaw is out of support scope for dotnet-5.0, therefore it will not be addressed in this version of dotnet. For more information, please see https://access.redhat.com/support/policy/updates/net-core.

Затронутые пакеты

Платформа	Пакет	Состояние
.NET Core 3.1 on Red Hat Enterprise Linux	rh-dotnet31-dotnet	Fix deferred
.NET Core 5.0 on Red Hat Enterprise Linux	rh-dotnet50-dotnet	Out of support scope
Red Hat Ceph Storage 4	ceph	Affected
Red Hat Ceph Storage 5	ceph	Affected
Red Hat Enterprise Linux 6	firefox	Not affected
Red Hat Enterprise Linux 7	firefox	Not affected
Red Hat Enterprise Linux 7	thunderbird	Not affected
Red Hat Enterprise Linux 8	dotnet3.1	Fix deferred
Red Hat Enterprise Linux 8	firefox	Fix deferred
Red Hat Enterprise Linux 8	firefox:flatpak/firefox	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=2094052angular: XSS vulnerability

EPSS

Процентиль: 80%

0.01341

Низкий

3.9 Low

CVSS3

Связанные уязвимости

CVE-2021-4231

CVSS3: 3.5

nvd

больше 3 лет назад

GHSA-c75v-2vq8-878f

CVSS3: 5.4

github