Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular's internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context. This could allow an attacker to inject malicious scripts into web pages, leading to arbitrary code execution in the user's browser.
Statement
This vulnerability is rated Moderate for Red Hat products. A cross-site scripting (XSS) flaw in the Angular Template Compiler allows an attacker to inject malicious scripts into web pages. This affects several Red Hat products, including Red Hat Enterprise Application Platform, Red Hat JBoss Fuse, Red Hat OpenStack Platform, Red Hat Quay, Red Hat Advanced Cluster Management for Kubernetes, and Red Hat Single Sign-On. Certain components within Red Hat Enterprise Linux and Community Projects are either not affected or will not be fixed.
Mitigation
This issue can be mitigated by avoiding dynamic bindings: do not use the Angular template binding [attr.href] when handling SVG <script> elements.
If dynamic bindings are required, users are advised to validate the input against a strict list of trusted URLs on the server side before serving the values to the template.
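The following is an added illustration of the second mitigation (an allowlist check performed on the server before a value is handed to the template); it is example code written for this page, not code from Angular or Red Hat. The allowlist entries, the helper names resolveTrustedScriptUrl and filterTrustedScriptUrls, and the sample inputs are constructed for the example.

```typescript
// Added example (not Angular or Red Hat code): server-side validation of a
// script URL against a strict allowlist before it reaches a template binding.
// The allowlist below is constructed for this illustration.
const TRUSTED_SCRIPT_URLS: ReadonlySet<string> = new Set([
  "https://static.example.test/widgets/chart.js",
  "https://static.example.test/widgets/map.js",
]);

// Parse an absolute URL; relative or scheme-less input is rejected here
// because no base URL is supplied.
function parseAbsoluteUrl(value: string): URL | null {
  try {
    return new URL(value);
  } catch {
    return null;
  }
}

// Return the canonical allowlisted URL when `candidate` matches an entry
// exactly (scheme, host, port and path), otherwise null. Matching happens on
// the parser's normalized form, so host case and "../" segments cannot be
// used to slip past a string comparison.
function resolveTrustedScriptUrl(candidate: string): string | null {
  const parsed = parseAbsoluteUrl(candidate);
  if (parsed === null) return null;
  // Only https is acceptable for a script resource; javascript:, data:, blob:
  // and other schemes are rejected outright.
  if (parsed.protocol !== "https:") return null;
  // Credentials, query strings and fragments are never part of a trusted entry.
  if (parsed.username || parsed.password || parsed.search || parsed.hash) return null;
  return TRUSTED_SCRIPT_URLS.has(parsed.href) ? parsed.href : null;
}

// Convenience wrapper for a list of user-supplied values: keeps only the
// canonical trusted URLs and silently drops everything else.
function filterTrustedScriptUrls(candidates: readonly string[]): string[] {
  const out: string[] = [];
  for (const c of candidates) {
    const ok = resolveTrustedScriptUrl(c);
    if (ok !== null) out.push(ok);
  }
  return out;
}

// Constructed sample input: one exact match, one that normalizes to a match,
// and several that must be rejected.
const sampleInput = [
  "https://static.example.test/widgets/chart.js",
  "https://STATIC.example.test/widgets/../widgets/map.js",
  "https://static.example.test/widgets/chart.js?v=2",
  "//static.example.test/widgets/chart.js",
  "https://static.example.test.attacker-controlled.test/widgets/chart.js",
];
console.log(filterTrustedScriptUrls(sampleInput));
```

Only the string returned by resolveTrustedScriptUrl is ever serialized into the template; the raw candidate is discarded. Because the comparison is an exact set lookup on the normalized href, the allowlist stays small and auditable, and adding a new script host is a deliberate code change rather than a runtime decision.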
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel9 | Will not fix | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-operator-bundle | Will not fix | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-proxy-rhel9 | Will not fix | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel9-operator | Will not fix | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Will not fix | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-curator5-rhel9 | Will not fix | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel9 | Affected | | |
| Red Hat Enterprise Linux 10 | firefox | Not affected | | |
| Red Hat Enterprise Linux 10 | gjs | Not affected | | |
| Red Hat Enterprise Linux 10 | grafana | Not affected | | |
CVSS3: 7.3 High
Related vulnerabilities
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.
Angular has XSS Vulnerability via Unsanitized SVG Script Attributes
CVSS3: 7.3 High