Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/angular.js@1.2.26-1

Type deb

Namespace debian

Name angular.js

Version 1.2.26-1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.8.3-1+deb12u1

Latest_non_vulnerable_version 1.8.3-1+deb12u1

Affected_by_vulnerabilities

url VCID-1x1p-ye9j-rug4

vulnerability_id VCID-1x1p-ye9j-rug4

summary

Improper sanitization of the value of the `[srcset]` attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .

This issue affects AngularJS versions 1.3.0-rc.4 and greater.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8372.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8372.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8372

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03346
published_at	2026-04-21T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03225
published_at	2026-04-18T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03296
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03215
published_at	2026-04-16T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.0324
published_at	2026-04-13T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03261
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03289
published_at	2026-04-11T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03331
published_at	2026-04-09T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.0331
published_at	2026-04-08T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03305
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03285
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8372

reference_url

https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:06:37Z/

url

https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8372

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-8372

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-8372

reference_url

https://security.netapp.com/advisory/ntap-20241122-0002

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241122-0002

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2024-8372

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:06:37Z/

url

https://www.herodevs.com/vulnerability-directory/cve-2024-8372

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088804
reference_id	1088804
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088804

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2310871
reference_id	2310871
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2310871

reference_url

https://github.com/advisories/GHSA-m9gf-397r-hwpg

reference_id

GHSA-m9gf-397r-hwpg

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m9gf-397r-hwpg

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

url	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
purl	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1

aliases CVE-2024-8372, GHSA-m9gf-397r-hwpg

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1x1p-ye9j-rug4

url VCID-6map-62jp-tkgu

vulnerability_id VCID-6map-62jp-tkgu

summary

angular vulnerable to regular expression denial of service via the $resource service
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26117.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26117.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26117

reference_id

reference_type

scores

value	0.00274
scoring_system	epss
scoring_elements	0.5084
published_at	2026-04-13T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50855
published_at	2026-04-12T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50878
published_at	2026-04-16T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50836
published_at	2026-04-09T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50838
published_at	2026-04-08T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50781
published_at	2026-04-07T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50824
published_at	2026-04-04T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50799
published_at	2026-04-02T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54914
published_at	2026-04-18T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54893
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26117

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26117
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26117

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324

reference_url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/

url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045

reference_url

https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/

url

https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
reference_id	1036694
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2183108
reference_id	2183108
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2183108

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-26117

reference_id

CVE-2023-26117

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-26117

reference_url

https://github.com/advisories/GHSA-2qqx-w9hr-q5gx

reference_id

GHSA-2qqx-w9hr-q5gx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2qqx-w9hr-q5gx

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/

reference_id

OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/

reference_id

UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

url	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
purl	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1

aliases CVE-2023-26117, GHSA-2qqx-w9hr-q5gx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6map-62jp-tkgu

url VCID-8juz-913g-zfdb

vulnerability_id VCID-8juz-913g-zfdb

summary

angular vulnerable to super-linear runtime due to backtracking
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. 


**Note:**

This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21490.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21490.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-21490

reference_id

reference_type

scores

value	0.02246
scoring_system	epss
scoring_elements	0.84596
published_at	2026-04-21T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84512
published_at	2026-04-02T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84533
published_at	2026-04-04T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84536
published_at	2026-04-07T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84595
published_at	2026-04-18T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84594
published_at	2026-04-16T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84574
published_at	2026-04-13T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84579
published_at	2026-04-12T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84583
published_at	2026-04-11T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84558
published_at	2026-04-08T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84564
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-21490

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21490
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21490

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-21490

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-21490

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747

reference_url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/

url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113

reference_url

https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/

url

https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos

reference_url

https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088803
reference_id	1088803
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088803

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2263754
reference_id	2263754
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2263754

reference_url

https://github.com/advisories/GHSA-4w4v-5hc9-xrr2

reference_id

GHSA-4w4v-5hc9-xrr2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4w4v-5hc9-xrr2

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

url	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
purl	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1

aliases CVE-2024-21490, GHSA-4w4v-5hc9-xrr2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8juz-913g-zfdb

url VCID-cfxn-m6af-2kb8

vulnerability_id VCID-cfxn-m6af-2kb8

summary

Improper sanitization of the value of the `[srcset]` attribute in `<source>` HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .

This issue affects all versions of AngularJS.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8373.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8373.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8373

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02329
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02236
published_at	2026-04-18T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02227
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02247
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02258
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02276
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02254
published_at	2026-04-08T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02253
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02245
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0224
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8373

reference_url

https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:04:03Z/

url

https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-8373

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-8373

reference_url

https://security.netapp.com/advisory/ntap-20241122-0003

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241122-0003

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2024-8373

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:04:03Z/

url

https://www.herodevs.com/vulnerability-directory/cve-2024-8373

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088805
reference_id	1088805
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088805

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2310872
reference_id	2310872
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2310872

reference_url

https://github.com/advisories/GHSA-mqm9-c95h-x2p6

reference_id

GHSA-mqm9-c95h-x2p6

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mqm9-c95h-x2p6

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

url	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
purl	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1

aliases CVE-2024-8373, GHSA-mqm9-c95h-x2p6

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cfxn-m6af-2kb8

url VCID-cpwp-gasq-kffz

vulnerability_id VCID-cpwp-gasq-kffz

summary

angular vulnerable to regular expression denial of service via the <input type="url"> element
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26118.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26118.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26118

reference_id

reference_type

scores

value	0.00526
scoring_system	epss
scoring_elements	0.67031
published_at	2026-04-12T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67045
published_at	2026-04-11T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67025
published_at	2026-04-09T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67013
published_at	2026-04-08T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66989
published_at	2026-04-04T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66964
published_at	2026-04-07T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67033
published_at	2026-04-16T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67
published_at	2026-04-13T12:55:00Z

value	0.0061
scoring_system	epss
scoring_elements	0.69803
published_at	2026-04-18T12:55:00Z

value	0.0061
scoring_system	epss
scoring_elements	0.69784
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26118

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26118
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26118

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327

reference_url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/

url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046

reference_url

https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/

url

https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
reference_id	1036694
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2183110
reference_id	2183110
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2183110

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-26118

reference_id

CVE-2023-26118

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-26118

reference_url

https://github.com/advisories/GHSA-qwqh-hm9m-p5hr

reference_id

GHSA-qwqh-hm9m-p5hr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qwqh-hm9m-p5hr

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/

reference_id

OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/

reference_id

UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

url	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
purl	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1

aliases CVE-2023-26118, GHSA-qwqh-hm9m-p5hr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cpwp-gasq-kffz

url VCID-ex2m-smbh-3kgy

vulnerability_id VCID-ex2m-smbh-3kgy

summary

AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes
Versions of `angular` prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize `xlink:href` attributes, which may allow attackers to execute arbitrary JavaScript in a victim's browser if the value is user-controlled.


## Recommendation

Upgrade to version 1.5.0-beta.1 or later.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14863.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14863.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14863

reference_id

reference_type

scores

value	0.00097
scoring_system	epss
scoring_elements	0.26711
published_at	2026-04-21T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.2675
published_at	2026-04-18T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26778
published_at	2026-04-16T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26771
published_at	2026-04-13T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26828
published_at	2026-04-12T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26872
published_at	2026-04-11T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26869
published_at	2026-04-09T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26822
published_at	2026-04-08T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26753
published_at	2026-04-07T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26963
published_at	2026-04-04T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26926
published_at	2026-04-02T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26886
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14863

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14863
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14863

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://github.com/angular/angular.js/commit/35a21532b73d5bd84b4325211c563e6a3e2dde82

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/commit/35a21532b73d5bd84b4325211c563e6a3e2dde82

reference_url

https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a

reference_url

https://github.com/angular/angular.js/pull/12524

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/pull/12524

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14863

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14863

reference_url

https://snyk.io/vuln/npm:angular:20150807

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/npm:angular:20150807

reference_url

https://www.npmjs.com/advisories/1453

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/1453

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1763589
reference_id	1763589
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1763589

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942833
reference_id	942833
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942833

reference_url

https://github.com/advisories/GHSA-r5fx-8r73-v86c

reference_id

GHSA-r5fx-8r73-v86c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r5fx-8r73-v86c

reference_url	https://access.redhat.com/errata/RHSA-2019:4069
reference_id	RHSA-2019:4069
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:4069

reference_url	https://access.redhat.com/errata/RHSA-2019:4071
reference_id	RHSA-2019:4071
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:4071

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

url pkg:deb/debian/angular.js@1.5.10-1

purl pkg:deb/debian/angular.js@1.5.10-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-rvrc-5q4c-63bh

vulnerability	VCID-s1yh-7m2a-y3g3

vulnerability	VCID-tgyd-qy7s-kkew

vulnerability	VCID-xd5a-s1n3-bkhg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.5.10-1

aliases CVE-2019-14863, GHSA-r5fx-8r73-v86c

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ex2m-smbh-3kgy

url VCID-njvf-2y8u-5kfw

vulnerability_id VCID-njvf-2y8u-5kfw

summary

AngularJS improperly sanitizes SVG elements
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images.

This issue affects all versions of AngularJS.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0716.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0716.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-0716

reference_id

reference_type

scores

value	0.00048
scoring_system	epss
scoring_elements	0.14655
published_at	2026-04-21T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14798
published_at	2026-04-02T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14876
published_at	2026-04-04T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14677
published_at	2026-04-07T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14767
published_at	2026-04-08T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14828
published_at	2026-04-09T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14787
published_at	2026-04-11T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.1475
published_at	2026-04-12T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14694
published_at	2026-04-13T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14588
published_at	2026-04-16T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14594
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-0716

reference_url

https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:33:33Z/

url

https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0716
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0716

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-0716

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-0716

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2025-0716

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:33:33Z/

url

https://www.herodevs.com/vulnerability-directory/cve-2025-0716

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104485
reference_id	1104485
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104485

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2362958
reference_id	2362958
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2362958

reference_url

https://github.com/advisories/GHSA-j58c-ww9w-pwp5

reference_id

GHSA-j58c-ww9w-pwp5

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j58c-ww9w-pwp5

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

url	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
purl	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1

aliases CVE-2025-0716, GHSA-j58c-ww9w-pwp5

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njvf-2y8u-5kfw

url VCID-qwfu-v1x6-e3ep

vulnerability_id VCID-qwfu-v1x6-e3ep

summary

angular vulnerable to regular expression denial of service via the angular.copy() utility
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26116.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26116.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26116

reference_id

reference_type

scores

value	0.00274
scoring_system	epss
scoring_elements	0.50855
published_at	2026-04-12T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.5084
published_at	2026-04-13T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50878
published_at	2026-04-16T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50836
published_at	2026-04-09T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50838
published_at	2026-04-08T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50781
published_at	2026-04-07T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50824
published_at	2026-04-04T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50799
published_at	2026-04-02T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54893
published_at	2026-04-21T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54914
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26116

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26116
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26116

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321

reference_url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/

url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044

reference_url

https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/

url

https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
reference_id	1036694
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2183109
reference_id	2183109
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2183109

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-26116

reference_id

CVE-2023-26116

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-26116

reference_url

https://github.com/advisories/GHSA-2vrf-hf26-jrp5

reference_id

GHSA-2vrf-hf26-jrp5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2vrf-hf26-jrp5

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/

reference_id

OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/

reference_id

UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

url	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
purl	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1

aliases CVE-2023-26116, GHSA-2vrf-hf26-jrp5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwfu-v1x6-e3ep

url VCID-rvrc-5q4c-63bh

vulnerability_id VCID-rvrc-5q4c-63bh

summary

Angular vulnerable to Cross-site Scripting
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping `<option>` elements in `<select>` ones changes parsing behavior, leading to possibly unsanitizing code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7676.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7676.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7676

reference_id

reference_type

scores

value	0.00563
scoring_system	epss
scoring_elements	0.68399
published_at	2026-04-21T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68421
published_at	2026-04-18T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68408
published_at	2026-04-16T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.6837
published_at	2026-04-13T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68403
published_at	2026-04-12T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68415
published_at	2026-04-11T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68388
published_at	2026-04-09T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68371
published_at	2026-04-08T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.6832
published_at	2026-04-07T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68343
published_at	2026-04-04T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68324
published_at	2026-04-02T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68304
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7676

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7676
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7676

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd

reference_url

https://github.com/angular/angular.js/pull/17028

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/pull/17028

reference_url

https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7676

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7676

reference_url

https://snyk.io/vuln/SNYK-JS-ANGULAR-570058

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-ANGULAR-570058

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1849206
reference_id	1849206
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1849206

reference_url	https://access.redhat.com/errata/RHSA-2020:5249
reference_id	RHSA-2020:5249
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5249

reference_url	https://access.redhat.com/errata/RHSA-2020:5568
reference_id	RHSA-2020:5568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5568

reference_url	https://access.redhat.com/errata/RHSA-2021:0417
reference_id	RHSA-2021:0417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0417

reference_url	https://access.redhat.com/errata/RHSA-2021:0967
reference_id	RHSA-2021:0967
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0967

reference_url	https://access.redhat.com/errata/RHSA-2021:0968
reference_id	RHSA-2021:0968
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0968

reference_url	https://access.redhat.com/errata/RHSA-2021:0969
reference_id	RHSA-2021:0969
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0969

reference_url	https://access.redhat.com/errata/RHSA-2021:0974
reference_id	RHSA-2021:0974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0974

fixed_packages

url pkg:deb/debian/angular.js@1.8.2-2

purl pkg:deb/debian/angular.js@1.8.2-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-s1yh-7m2a-y3g3

vulnerability	VCID-tgyd-qy7s-kkew

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2

aliases CVE-2020-7676, GHSA-mhp6-pxh8-r675

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rvrc-5q4c-63bh

url VCID-s1yh-7m2a-y3g3

vulnerability_id VCID-s1yh-7m2a-y3g3

summary

AngularJS Incomplete Filtering of Special Elements vulnerability
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images.

This issue affects AngularJS versions greater than or equal to 1.3.1.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-2336

reference_id

reference_type

scores

value	0.00198
scoring_system	epss
scoring_elements	0.41961
published_at	2026-04-18T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.4189
published_at	2026-04-21T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45762
published_at	2026-04-02T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45783
published_at	2026-04-13T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45732
published_at	2026-04-07T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45789
published_at	2026-04-08T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45786
published_at	2026-04-09T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45808
published_at	2026-04-11T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45778
published_at	2026-04-12T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45833
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-2336

reference_url

https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T18:14:00Z/

url

https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2336
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2336

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-2336

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-2336

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2025-2336

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T18:14:00Z/

url

https://www.herodevs.com/vulnerability-directory/cve-2025-2336

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2025-2336?angularjs-nes

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.herodevs.com/vulnerability-directory/cve-2025-2336?angularjs-nes

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107519
reference_id	1107519
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107519

reference_url

https://github.com/advisories/GHSA-4p4w-6hg8-63wx

reference_id

GHSA-4p4w-6hg8-63wx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4p4w-6hg8-63wx

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

url	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
purl	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1

aliases CVE-2025-2336, GHSA-4p4w-6hg8-63wx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1yh-7m2a-y3g3

url VCID-tgyd-qy7s-kkew

vulnerability_id VCID-tgyd-qy7s-kkew

summary

angular vulnerable to regular expression denial of service (ReDoS)
AngularJS lets users write client-side web applications. The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value.

**Note:**
1. This package has been deprecated and is no longer maintained.
2. The vulnerable versions are 1.7.0 and higher.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25844.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25844.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25844

reference_id

reference_type

scores

value	0.01924
scoring_system	epss
scoring_elements	0.83403
published_at	2026-04-21T12:55:00Z

value	0.01924
scoring_system	epss
scoring_elements	0.83402
published_at	2026-04-18T12:55:00Z

value	0.01924
scoring_system	epss
scoring_elements	0.83401
published_at	2026-04-16T12:55:00Z

value	0.01924
scoring_system	epss
scoring_elements	0.83365
published_at	2026-04-13T12:55:00Z

value	0.01924
scoring_system	epss
scoring_elements	0.8337
published_at	2026-04-12T12:55:00Z

value	0.01924
scoring_system	epss
scoring_elements	0.83327
published_at	2026-04-07T12:55:00Z

value	0.01924
scoring_system	epss
scoring_elements	0.83311
published_at	2026-04-02T12:55:00Z

value	0.01924
scoring_system	epss
scoring_elements	0.83376
published_at	2026-04-11T12:55:00Z

value	0.01924
scoring_system	epss
scoring_elements	0.83361
published_at	2026-04-09T12:55:00Z

value	0.01924
scoring_system	epss
scoring_elements	0.83351
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25844

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25844

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO

reference_url

https://security.netapp.com/advisory/ntap-20220629-0009

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220629-0009

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737

reference_url

https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735

reference_url

https://stackblitz.com/edit/angularjs-material-blank-zvtdvb

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://stackblitz.com/edit/angularjs-material-blank-zvtdvb

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014779
reference_id	1014779
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014779

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2080945
reference_id	2080945
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2080945

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25844

reference_id

CVE-2022-25844

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25844

reference_url

https://github.com/advisories/GHSA-m2h2-264f-f486

reference_id

GHSA-m2h2-264f-f486

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m2h2-264f-f486

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

url	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
purl	pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1

aliases CVE-2022-25844, GHSA-m2h2-264f-f486

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgyd-qy7s-kkew

url VCID-xd5a-s1n3-bkhg

vulnerability_id VCID-xd5a-s1n3-bkhg

summary

angular Prototype Pollution vulnerability
Versions of `angular ` prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function `merge()` does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.

## Recommendation

Upgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10768.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10768.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10768

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55863
published_at	2026-04-18T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.5586
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55824
published_at	2026-04-13T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55842
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55862
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55854
published_at	2026-04-09T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55851
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.558
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.5582
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55797
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55686
published_at	2026-04-01T12:55:00Z

value	0.00423
scoring_system	epss
scoring_elements	0.62146
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10768

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10768
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10768

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3

reference_url

https://github.com/angular/angular.js/pull/16913

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/pull/16913

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10768

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10768

reference_url

https://snyk.io/vuln/SNYK-JS-ANGULAR-534884

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-ANGULAR-534884

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1813309
reference_id	1813309
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1813309

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945249
reference_id	945249
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945249

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:angularjs:angularjs::::::::
reference_id	cpe:2.3:a:angularjs:angularjs::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:angularjs:angularjs::::::::

reference_url

https://github.com/advisories/GHSA-89mq-4x47-5v83

reference_id

GHSA-89mq-4x47-5v83

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-89mq-4x47-5v83

reference_url	https://access.redhat.com/errata/RHSA-2020:5568
reference_id	RHSA-2020:5568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5568

reference_url	https://access.redhat.com/errata/RHSA-2021:0417
reference_id	RHSA-2021:0417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0417

reference_url	https://access.redhat.com/errata/RHSA-2022:8849
reference_id	RHSA-2022:8849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8849

reference_url	https://access.redhat.com/errata/RHSA-2022:8866
reference_id	RHSA-2022:8866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8866

reference_url	https://access.redhat.com/errata/RHSA-2023:0274
reference_id	RHSA-2023:0274
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0274

fixed_packages

url pkg:deb/debian/angular.js@1.8.2-2

purl pkg:deb/debian/angular.js@1.8.2-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-s1yh-7m2a-y3g3

vulnerability	VCID-tgyd-qy7s-kkew

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2

aliases CVE-2019-10768, GHSA-89mq-4x47-5v83

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xd5a-s1n3-bkhg

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.2.26-1

Package Instance