Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-8372

Опубликовано: 09 сент. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 4.8

Описание

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

РелизСтатусПримечание
devel

not-affected

1.8.3-3
esm-apps/focal

released

1.7.9-1ubuntu0.1~esm1
esm-apps/jammy

released

1.8.2-2ubuntu0.1
esm-apps/noble

released

1.8.3-1ubuntu0.24.04.1
esm-infra/bionic

released

1.5.10-1ubuntu0.1~esm1
esm-infra/xenial

not-affected

code not present
focal

ignored

end of standard support, was needs-triage
jammy

released

1.8.2-2ubuntu0.1
noble

released

1.8.3-1ubuntu0.24.04.1
oracular

ignored

end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 4%
0.00018
Низкий

4.8 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-8372

CVSS3: 4.3
redhat
больше 1 года назад

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

nvd логотип

CVE-2024-8372

CVSS3: 4.8
nvd
больше 1 года назад

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

debian логотип

CVE-2024-8372

CVSS3: 4.8
debian
больше 1 года назад

Improper sanitization of the value of the 'srcset' attribute in Angula ...

github логотип

GHSA-m9gf-397r-hwpg

CVSS3: 4.8
github
больше 1 года назад

AngularJS allows attackers to bypass common image source restrictions

fstec логотип

BDU:2025-02357

CVSS3: 4.8
fstec
больше 1 года назад

Уязвимость JavaScript-фреймворка для разработки одностраничных приложений АngularJS, связанная с неправильной проверкой небезопасной эквивалентности входных данных, позволяющая нарушителю обойти существующие ограничения безопасности и проводить спуфинг-атаки

EPSS

Процентиль: 4%
0.00018
Низкий

4.8 Medium

CVSS3