AngularJS 1.3.0 Beta 6

CPE Details

AngularJS 1.3.0 Beta 6
angularjs
angular.js
1.3.0
2019-12-05
19h06 +00:00
2019-12-05
19h06 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:angularjs:angular.js:1.3.0:beta6:*:*:*:*:*:*

Informations

Vendor

angularjs

Product

angular.js

Version

1.3.0

Update

beta6

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-8373 2024-09-09 14h48 +00:00 Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
4.8
Medium
CVE-2024-21490 2024-02-10 05h00 +00:00 This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).
7.5
High
CVE-2020-7676 2020-06-08 11h34 +00:00 angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "
5.4
Medium
CVE-2019-14863 2020-01-02 13h20 +00:00 There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
6.1
Medium
CVE-2019-10768 2019-11-19 19h07 +00:00 In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.