CVE-2024-8373
Sept. 17, 2024, 5:32 p.m.
4.3
Medium
Description
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .
This issue affects all versions of AngularJS.
Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Angularjs |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-791
Incomplete Filtering of Special Elements
The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | angularjs | angular.js | / | / | / | / | / | / | / | / |
Tags
CVSS Score
CVSS Data - 3.1
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: LOW
- Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Timeline
Published: Sept. 9, 2024, 3:15 p.m.
Last Modified: Sept. 17, 2024, 5:32 p.m.
Last Modified: Sept. 17, 2024, 5:32 p.m.
Status : Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
36c7be3b-2937-45df-85ea-ca7133ea542c
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.