Количество 2
Количество 2
CVE-2020-5219
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution.
GHSA-hxhm-96pp-2m43
Remote Code Execution in Angular Expressions
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-5219 Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. | CVSS3: 8.7 | 1% Низкий | около 6 лет назад |
| GHSA-hxhm-96pp-2m43 Remote Code Execution in Angular Expressions | CVSS3: 8.7 | 1% Низкий | около 6 лет назад |
Уязвимостей на страницу