Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-8373

Опубликовано: 09 сент. 2024
Источник: redhat
CVSS3: 4.3

Описание

Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

A flaw was found in AngularJS. An improper sanitization of the srcset attribute in the source may allow attackers to bypass common image source restrictions, which may allow Content Spoofing.

Меры по смягчению последствий

Currently no mitigation is available for this vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Logging Subsystem for Red Hat OpenShiftopenshift-logging/kibana6-rhel8Not affected
Red Hat Enterprise Linux 10firefoxNot affected
Red Hat Enterprise Linux 10gjsNot affected
Red Hat Enterprise Linux 10grafanaNot affected
Red Hat Enterprise Linux 10thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected
Red Hat Enterprise Linux 8firefoxNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-791
https://bugzilla.redhat.com/show_bug.cgi?id=2310872angular: From NVD collector

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-8373

CVSS3: 4.8
ubuntu
больше 1 года назад

Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

nvd логотип

CVE-2024-8373

CVSS3: 4.8
nvd
больше 1 года назад

Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

debian логотип

CVE-2024-8373

CVSS3: 4.8
debian
больше 1 года назад

Improper sanitization of the value of the [srcset] attribute in <sourc ...

github логотип

GHSA-mqm9-c95h-x2p6

CVSS3: 4.8
github
больше 1 года назад

AngularJS allows attackers to bypass common image source restrictions

fstec логотип

BDU:2025-02356

CVSS3: 4.8
fstec
больше 1 года назад

Уязвимость JavaScript-фреймворка для разработки одностраничных приложений АngularJS, связанная с неполной фильтрацией специальных элементов, позволяющая нарушителю обойти существующие ограничения безопасности и проводить спуфинг-атаки

4.3 Medium

CVSS3