Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a stored Cross-Site Scripting (XSS) vulnerability exists in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.
A flaw exists in the template compiler of Angular: it fails to classify certain URL-bearing attributes (including SVG and MathML attributes such as href and xlink:href, and the attributeName of SVG animation elements, which can retarget an animation at one of those URL attributes) as requiring strict URL sanitization. As a result, an attacker who can supply untrusted data bound to those attributes may inject a malicious javascript: URL or script that persists (stored XSS) and executes in the context of the application's origin when the template is rendered. Because the bypass is in the compiler's schema, Angular's automatic sanitization cannot be relied on for these attributes in the affected versions.
Mitigation
The fix is to upgrade to 21.0.2, 20.3.15, or 19.2.17. Until that is possible, manually sanitize user-controlled input before binding it to URL-bearing SVG/MathML attributes (href, xlink:href, and the values fed to SVG animation elements that target them), or disable or restrict dynamic SVG/MathML rendering where the application does not need it. As defense in depth, a Content Security Policy that does not allow 'unsafe-inline' for script-src prevents an injected javascript: URL from executing even if it reaches the DOM.
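The following TypeScript is an added example written for this page to illustrate both the flaw described above and the "manually sanitize" mitigation; it is not Angular's code and not part of the advisory. It assumes a hypothetical application that still binds user-controlled values to SVG/MathML URL attributes and shows an allow-list URL check (safe schemes or scheme-less references only, with browser-style stripping of tab/LF/CR so a split scheme cannot slip through), applied both to href/xlink:href and to the from/to/by/values of an SVG animation element whose attributeName targets such an attribute. Rejected values are prefixed with "unsafe:", the same convention Angular's own URL sanitizer uses for values it refuses; the constant names, function names and sample attribute maps are this example's assumptions.

```typescript
// Added example, not Angular's own code: an allow-list URL sanitizer for values that
// an application binds to URL-bearing SVG/MathML attributes, plus handling for SVG
// animation elements that write into such attributes via attributeName.
// All names and constants below are this example's assumptions, not Angular APIs.

// Attribute names (compared case-insensitively) that carry a URL on SVG/MathML elements.
const URL_ATTRIBUTES: string[] = ['href', 'xlink:href'];

// SVG animation elements whose attributeName can point at another attribute.
const ANIMATION_ELEMENTS: string[] = ['animate', 'set', 'animatetransform', 'animatemotion'];

// Animation attributes whose content ends up in the targeted attribute.
const ANIMATION_VALUE_ATTRIBUTES: string[] = ['from', 'to', 'by', 'values'];

// Allow-list: an explicit safe scheme, or a scheme-less (relative) reference.
// Anything with another scheme (javascript:, vbscript:, blob:, ...) is rejected.
const SAFE_URL = /^(?:(?:https?|mailto|ftp|tel|file|sms):|[^&:/?#]*(?:[/?#]|$))/i;

// data: URLs are tolerated only for base64-encoded image, video and audio payloads.
const SAFE_DATA_URL =
  /^data:(?:image\/(?:bmp|gif|jpe?g|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[a-z0-9+/]+=*$/i;

/**
 * Returns the URL unchanged when it matches the allow-list; otherwise returns it
 * prefixed with "unsafe:" so the browser can neither navigate to it nor execute it
 * (the same convention Angular's built-in URL sanitizer uses for rejected values).
 * Tab, LF and CR are stripped before the check because browsers discard them when
 * parsing a URL, so "java\tscript:" would otherwise defeat a naive scheme test.
 */
function sanitizeUrl(value: string): string {
  const normalized = String(value)
    .replace(/[\t\n\r]/g, '')
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
  if (SAFE_URL.test(normalized) || SAFE_DATA_URL.test(normalized)) {
    return normalized;
  }
  return 'unsafe:' + normalized;
}

/**
 * Sanitises one SVG/MathML element's attribute map before it is bound to the DOM.
 * URL attributes always go through sanitizeUrl. On an animation element whose
 * attributeName targets a URL attribute, from/to/by/values are URLs as well
 * (values is a ';'-separated list) and are sanitised item by item. Other
 * attributes are passed through untouched.
 */
function sanitizeSvgAttributes(tag: string, attrs: { [name: string]: string }): { [name: string]: string } {
  const tagName = tag.toLowerCase();
  let target = '';
  for (const name of Object.keys(attrs)) {
    if (name.toLowerCase() === 'attributename') {
      target = attrs[name].toLowerCase();
    }
  }
  const animatesUrl = ANIMATION_ELEMENTS.indexOf(tagName) !== -1 && URL_ATTRIBUTES.indexOf(target) !== -1;

  const out: { [name: string]: string } = {};
  for (const name of Object.keys(attrs)) {
    const key = name.toLowerCase();
    const value = attrs[name];
    if (URL_ATTRIBUTES.indexOf(key) !== -1) {
      out[name] = sanitizeUrl(value);
    } else if (animatesUrl && ANIMATION_VALUE_ATTRIBUTES.indexOf(key) !== -1) {
      out[name] = key === 'values'
        ? value.split(';').map(function (v) { return sanitizeUrl(v); }).join(';')
        : sanitizeUrl(value);
    } else {
      out[name] = value;
    }
  }
  return out;
}

// Constructed sample input (not from any real incident): attribute maps an attacker
// could have stored for an SVG <a> link and an <animate> that retargets href.
const STORED_LINK_ATTRS = { 'xlink:href': 'javascript:alert(document.domain)' };
const STORED_ANIMATE_ATTRS = {
  attributeName: 'href',
  values: 'https://example.com/;javascript:alert(1)',
  dur: '1s',
};

const SAFE_LINK_ATTRS = sanitizeSvgAttributes('a', STORED_LINK_ATTRS);
const SAFE_ANIMATE_ATTRS = sanitizeSvgAttributes('animate', STORED_ANIMATE_ATTRS);

console.log(SAFE_LINK_ATTRS);    // xlink:href becomes "unsafe:javascript:alert(document.domain)"
console.log(SAFE_ANIMATE_ATTRS); // values becomes "https://example.com/;unsafe:javascript:alert(1)"
```

The check is deliberately an allow-list rather than a search for "javascript:", which is why the tab-split scheme and the data:text/html payload are both refused while relative paths, https links and base64 PNG data URLs pass. Note that it only touches the animation's value attributes when attributeName points at a URL attribute, so ordinary animations of x, opacity and similar are left alone.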
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Will not fix | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/volsync-operator-bundle | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/volsync-rhel9 | Not affected | | |
| Red Hat Ceph Storage 5 | ceph | Affected | | |
| Red Hat Ceph Storage 6 | ceph | Affected | | |
| Red Hat Ceph Storage 7 | ceph | Affected | | |
| Red Hat Ceph Storage 8 | ceph | Affected | | |
| Red Hat Enterprise Linux 10 | ceph | Affected | | |
| Red Hat Enterprise Linux 10 | firefox | Not affected | | |
| Red Hat Enterprise Linux 10 | gjs | Will not fix | | |
Additional information
Status:
CVSS3: 8.1 High
Related vulnerabilities
Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
Vulnerability in the template compiler of the Angular application design environment and single-page application development platform, allowing an attacker to carry out cross-site scripting attacks