Lookup for vulnerable packages by Package URL.

Purl pkg:npm/angular@1.2.1
Type npm
Namespace
Name angular
Version 1.2.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-1nqc-e1g6-e3bf
vulnerability_id VCID-1nqc-e1g6-e3bf
summary
Cross-Site Scripting via JSONP
JSONP allows untrusted resource URLs, which provides a vector for attack by malicious actors.
references
0
reference_url https://github.com/angular/angular.js/commit/6476af83cd0418c84e034a955b12a842794385c4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js/commit/6476af83cd0418c84e034a955b12a842794385c4
1
reference_url https://www.npmjs.com/advisories/1630
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1630
2
reference_url https://github.com/advisories/GHSA-28hp-fgcr-2r4h
reference_id GHSA-28hp-fgcr-2r4h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-28hp-fgcr-2r4h
fixed_packages
0
url pkg:npm/angular@1.6.0
purl pkg:npm/angular@1.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x1p-ye9j-rug4
1
vulnerability VCID-2m5b-zvmc-pygf
2
vulnerability VCID-6map-62jp-tkgu
3
vulnerability VCID-7p32-5sdx-j3hq
4
vulnerability VCID-8juz-913g-zfdb
5
vulnerability VCID-cfxn-m6af-2kb8
6
vulnerability VCID-cpwp-gasq-kffz
7
vulnerability VCID-dxq2-dfym-3fcv
8
vulnerability VCID-njvf-2y8u-5kfw
9
vulnerability VCID-qwfu-v1x6-e3ep
10
vulnerability VCID-rcvr-9ews-tfab
11
vulnerability VCID-rvrc-5q4c-63bh
12
vulnerability VCID-tbpx-hrpt-gkej
13
vulnerability VCID-xd5a-s1n3-bkhg
14
vulnerability VCID-yjab-2vra-zug8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.0
aliases GHSA-28hp-fgcr-2r4h, GMS-2019-114
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1nqc-e1g6-e3bf
1
url VCID-2m5b-zvmc-pygf
vulnerability_id VCID-2m5b-zvmc-pygf
summary
XSS in $sanitize in Safari/Firefox
Both Firefox and Safari are vulnerable to XSS if we use an inert document created via `document.implementation.createHTMLDocument()`.
references
0
reference_url https://github.com/angular/angular.js/blob/master/CHANGELOG.md#165-toffee-salinization-2017-07-03
reference_id
reference_type
scores
url https://github.com/angular/angular.js/blob/master/CHANGELOG.md#165-toffee-salinization-2017-07-03
1
reference_url https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
reference_id
reference_type
scores
url https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
fixed_packages
0
url pkg:npm/angular@1.6.5
purl pkg:npm/angular@1.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x1p-ye9j-rug4
1
vulnerability VCID-6map-62jp-tkgu
2
vulnerability VCID-8juz-913g-zfdb
3
vulnerability VCID-cfxn-m6af-2kb8
4
vulnerability VCID-cpwp-gasq-kffz
5
vulnerability VCID-dxq2-dfym-3fcv
6
vulnerability VCID-njvf-2y8u-5kfw
7
vulnerability VCID-qwfu-v1x6-e3ep
8
vulnerability VCID-rcvr-9ews-tfab
9
vulnerability VCID-rvrc-5q4c-63bh
10
vulnerability VCID-tbpx-hrpt-gkej
11
vulnerability VCID-xd5a-s1n3-bkhg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.5
aliases GMS-2017-134
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2m5b-zvmc-pygf
2
url VCID-6map-62jp-tkgu
vulnerability_id VCID-6map-62jp-tkgu
summary
angular vulnerable to regular expression denial of service via the $resource service
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26117.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26117.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26117
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.5084
published_at 2026-04-13T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.50855
published_at 2026-04-12T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.50878
published_at 2026-04-16T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50836
published_at 2026-04-09T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.50838
published_at 2026-04-08T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50781
published_at 2026-04-07T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.50824
published_at 2026-04-04T12:55:00Z
7
value 0.00274
scoring_system epss
scoring_elements 0.50799
published_at 2026-04-02T12:55:00Z
8
value 0.00318
scoring_system epss
scoring_elements 0.54914
published_at 2026-04-18T12:55:00Z
9
value 0.00318
scoring_system epss
scoring_elements 0.54893
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26117
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26117
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26117
3
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
4
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
7
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323
8
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325
9
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324
10
reference_url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/
url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
11
reference_url https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/
url https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
reference_id 1036694
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2183108
reference_id 2183108
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2183108
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26117
reference_id CVE-2023-26117
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26117
15
reference_url https://github.com/advisories/GHSA-2qqx-w9hr-q5gx
reference_id GHSA-2qqx-w9hr-q5gx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qqx-w9hr-q5gx
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
reference_id OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
reference_id UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
18
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
aliases CVE-2023-26117, GHSA-2qqx-w9hr-q5gx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6map-62jp-tkgu
3
url VCID-7p32-5sdx-j3hq
vulnerability_id VCID-7p32-5sdx-j3hq
summary
Denial of service in $sanitize
Running $sanitize on bad HTML can freeze the browser. The problem occurs with clobbered data; typically the "nextSibling" property on an element is changed to one of its child nodes, which makes it impossible to walk the HTML tree and leads to an infinite loop that freezes the browser.
references
fixed_packages
0
url pkg:npm/angular@1.6.3
purl pkg:npm/angular@1.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x1p-ye9j-rug4
1
vulnerability VCID-2m5b-zvmc-pygf
2
vulnerability VCID-6map-62jp-tkgu
3
vulnerability VCID-8juz-913g-zfdb
4
vulnerability VCID-cfxn-m6af-2kb8
5
vulnerability VCID-cpwp-gasq-kffz
6
vulnerability VCID-dxq2-dfym-3fcv
7
vulnerability VCID-njvf-2y8u-5kfw
8
vulnerability VCID-qwfu-v1x6-e3ep
9
vulnerability VCID-rcvr-9ews-tfab
10
vulnerability VCID-rvrc-5q4c-63bh
11
vulnerability VCID-tbpx-hrpt-gkej
12
vulnerability VCID-xd5a-s1n3-bkhg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.3
aliases GMS-2017-115
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7p32-5sdx-j3hq
4
url VCID-9nuw-8wc1-vkc4
vulnerability_id VCID-9nuw-8wc1-vkc4
summary
Bypass CSP protection
Extension URIs (`resource://...`) bypass `Content-Security-Policy` in Chrome and Firefox and can always be loaded. If a site already has an XSS bug and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacker can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection.
references
0
reference_url https://github.com/angular/angular.js/commit/0ff10e1b56c6b7c4ac465e35c96a5886e294bac5
reference_id
reference_type
scores
url https://github.com/angular/angular.js/commit/0ff10e1b56c6b7c4ac465e35c96a5886e294bac5
1
reference_url https://github.com/angular/angular.js/commit/6ce2913d99bb0dade6027ba9733295d0aa13b242
reference_id
reference_type
scores
url https://github.com/angular/angular.js/commit/6ce2913d99bb0dade6027ba9733295d0aa13b242
2
reference_url https://github.com/angular/angular.js/commit/a649758655843275cc477fb638f8e55f72a4eaa6
reference_id
reference_type
scores
url https://github.com/angular/angular.js/commit/a649758655843275cc477fb638f8e55f72a4eaa6
3
reference_url https://github.com/angular/angular.js/commit/ebe90051eda8a3328e5993cca1663e28d03113d0
reference_id
reference_type
scores
url https://github.com/angular/angular.js/commit/ebe90051eda8a3328e5993cca1663e28d03113d0
4
reference_url https://github.com/mozilla/addons-linter/issues/1000
reference_id
reference_type
scores
url https://github.com/mozilla/addons-linter/issues/1000
fixed_packages
0
url pkg:npm/angular@1.5.9
purl pkg:npm/angular@1.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nqc-e1g6-e3bf
1
vulnerability VCID-1x1p-ye9j-rug4
2
vulnerability VCID-2m5b-zvmc-pygf
3
vulnerability VCID-6map-62jp-tkgu
4
vulnerability VCID-7p32-5sdx-j3hq
5
vulnerability VCID-8juz-913g-zfdb
6
vulnerability VCID-cfxn-m6af-2kb8
7
vulnerability VCID-cpwp-gasq-kffz
8
vulnerability VCID-dxq2-dfym-3fcv
9
vulnerability VCID-njvf-2y8u-5kfw
10
vulnerability VCID-qwfu-v1x6-e3ep
11
vulnerability VCID-rcvr-9ews-tfab
12
vulnerability VCID-rvrc-5q4c-63bh
13
vulnerability VCID-tbpx-hrpt-gkej
14
vulnerability VCID-xd5a-s1n3-bkhg
15
vulnerability VCID-yjab-2vra-zug8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.5.9
1
url pkg:npm/angular@1.6.0-rc.1
purl pkg:npm/angular@1.6.0-rc.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nqc-e1g6-e3bf
1
vulnerability VCID-1x1p-ye9j-rug4
2
vulnerability VCID-2m5b-zvmc-pygf
3
vulnerability VCID-6map-62jp-tkgu
4
vulnerability VCID-7p32-5sdx-j3hq
5
vulnerability VCID-8juz-913g-zfdb
6
vulnerability VCID-cfxn-m6af-2kb8
7
vulnerability VCID-cpwp-gasq-kffz
8
vulnerability VCID-dxq2-dfym-3fcv
9
vulnerability VCID-njvf-2y8u-5kfw
10
vulnerability VCID-qwfu-v1x6-e3ep
11
vulnerability VCID-rcvr-9ews-tfab
12
vulnerability VCID-rvrc-5q4c-63bh
13
vulnerability VCID-tbpx-hrpt-gkej
14
vulnerability VCID-xd5a-s1n3-bkhg
15
vulnerability VCID-yjab-2vra-zug8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.0-rc.1
2
url pkg:npm/angular@1.6.0
purl pkg:npm/angular@1.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x1p-ye9j-rug4
1
vulnerability VCID-2m5b-zvmc-pygf
2
vulnerability VCID-6map-62jp-tkgu
3
vulnerability VCID-7p32-5sdx-j3hq
4
vulnerability VCID-8juz-913g-zfdb
5
vulnerability VCID-cfxn-m6af-2kb8
6
vulnerability VCID-cpwp-gasq-kffz
7
vulnerability VCID-dxq2-dfym-3fcv
8
vulnerability VCID-njvf-2y8u-5kfw
9
vulnerability VCID-qwfu-v1x6-e3ep
10
vulnerability VCID-rcvr-9ews-tfab
11
vulnerability VCID-rvrc-5q4c-63bh
12
vulnerability VCID-tbpx-hrpt-gkej
13
vulnerability VCID-xd5a-s1n3-bkhg
14
vulnerability VCID-yjab-2vra-zug8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.0
aliases GMS-2016-73
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nuw-8wc1-vkc4
5
url VCID-cfxn-m6af-2kb8
vulnerability_id VCID-cfxn-m6af-2kb8
summary
Improper sanitization of the value of the `[srcset]` attribute in `<source>` HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing (https://owasp.org/www-community/attacks/Content_Spoofing).

This issue affects all versions of AngularJS.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here (https://docs.angularjs.org/misc/version-support-status).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8373.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8373.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8373
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02329
published_at 2026-04-21T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02236
published_at 2026-04-18T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02227
published_at 2026-04-16T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02247
published_at 2026-04-12T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02258
published_at 2026-04-11T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.02276
published_at 2026-04-09T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.02254
published_at 2026-04-08T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.02253
published_at 2026-04-07T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.02245
published_at 2026-04-13T12:55:00Z
9
value 0.00013
scoring_system epss
scoring_elements 0.0224
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8373
2
reference_url https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:04:03Z/
url https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373
4
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
5
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8373
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8373
7
reference_url https://security.netapp.com/advisory/ntap-20241122-0003
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241122-0003
8
reference_url https://www.herodevs.com/vulnerability-directory/cve-2024-8373
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:04:03Z/
url https://www.herodevs.com/vulnerability-directory/cve-2024-8373
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088805
reference_id 1088805
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088805
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2310872
reference_id 2310872
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2310872
11
reference_url https://github.com/advisories/GHSA-mqm9-c95h-x2p6
reference_id GHSA-mqm9-c95h-x2p6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqm9-c95h-x2p6
12
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
aliases CVE-2024-8373, GHSA-mqm9-c95h-x2p6
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cfxn-m6af-2kb8
6
url VCID-cpwp-gasq-kffz
vulnerability_id VCID-cpwp-gasq-kffz
summary
angular vulnerable to regular expression denial of service via the <input type="url"> element
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26118.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26118.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26118
reference_id
reference_type
scores
0
value 0.00526
scoring_system epss
scoring_elements 0.67031
published_at 2026-04-12T12:55:00Z
1
value 0.00526
scoring_system epss
scoring_elements 0.67045
published_at 2026-04-11T12:55:00Z
2
value 0.00526
scoring_system epss
scoring_elements 0.67025
published_at 2026-04-09T12:55:00Z
3
value 0.00526
scoring_system epss
scoring_elements 0.67013
published_at 2026-04-08T12:55:00Z
4
value 0.00526
scoring_system epss
scoring_elements 0.66989
published_at 2026-04-04T12:55:00Z
5
value 0.00526
scoring_system epss
scoring_elements 0.66964
published_at 2026-04-07T12:55:00Z
6
value 0.00526
scoring_system epss
scoring_elements 0.67033
published_at 2026-04-16T12:55:00Z
7
value 0.00526
scoring_system epss
scoring_elements 0.67
published_at 2026-04-13T12:55:00Z
8
value 0.0061
scoring_system epss
scoring_elements 0.69803
published_at 2026-04-18T12:55:00Z
9
value 0.0061
scoring_system epss
scoring_elements 0.69784
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26118
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26118
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26118
3
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
4
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
7
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326
8
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328
9
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327
10
reference_url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/
url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
11
reference_url https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/
url https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
reference_id 1036694
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2183110
reference_id 2183110
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2183110
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26118
reference_id CVE-2023-26118
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26118
15
reference_url https://github.com/advisories/GHSA-qwqh-hm9m-p5hr
reference_id GHSA-qwqh-hm9m-p5hr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qwqh-hm9m-p5hr
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
reference_id OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
reference_id UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
18
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
aliases CVE-2023-26118, GHSA-qwqh-hm9m-p5hr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cpwp-gasq-kffz
7
url VCID-dj5f-tchs-k3b7
vulnerability_id VCID-dj5f-tchs-k3b7
summary
Code Injection
The attribute usemap can be used as a security exploit.
references
0
reference_url https://github.com/angular/angular.js/commit/f35f334bd3197585bdf034f4b6d9ffa3122dac62
reference_id
reference_type
scores
url https://github.com/angular/angular.js/commit/f35f334bd3197585bdf034f4b6d9ffa3122dac62
fixed_packages
0
url pkg:npm/angular@1.2.30
purl pkg:npm/angular@1.2.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nqc-e1g6-e3bf
1
vulnerability VCID-2m5b-zvmc-pygf
2
vulnerability VCID-6map-62jp-tkgu
3
vulnerability VCID-7p32-5sdx-j3hq
4
vulnerability VCID-9nuw-8wc1-vkc4
5
vulnerability VCID-cfxn-m6af-2kb8
6
vulnerability VCID-cpwp-gasq-kffz
7
vulnerability VCID-dxq2-dfym-3fcv
8
vulnerability VCID-ex2m-smbh-3kgy
9
vulnerability VCID-njvf-2y8u-5kfw
10
vulnerability VCID-qwfu-v1x6-e3ep
11
vulnerability VCID-rcvr-9ews-tfab
12
vulnerability VCID-rvrc-5q4c-63bh
13
vulnerability VCID-tbpx-hrpt-gkej
14
vulnerability VCID-xd5a-s1n3-bkhg
15
vulnerability VCID-yjab-2vra-zug8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.2.30
1
url pkg:npm/angular@1.3.0-rc.5
purl pkg:npm/angular@1.3.0-rc.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nqc-e1g6-e3bf
1
vulnerability VCID-1x1p-ye9j-rug4
2
vulnerability VCID-2m5b-zvmc-pygf
3
vulnerability VCID-6map-62jp-tkgu
4
vulnerability VCID-7p32-5sdx-j3hq
5
vulnerability VCID-9nuw-8wc1-vkc4
6
vulnerability VCID-cfxn-m6af-2kb8
7
vulnerability VCID-cpwp-gasq-kffz
8
vulnerability VCID-dxq2-dfym-3fcv
9
vulnerability VCID-ex2m-smbh-3kgy
10
vulnerability VCID-njvf-2y8u-5kfw
11
vulnerability VCID-qwfu-v1x6-e3ep
12
vulnerability VCID-rcvr-9ews-tfab
13
vulnerability VCID-rvrc-5q4c-63bh
14
vulnerability VCID-tbpx-hrpt-gkej
15
vulnerability VCID-xd5a-s1n3-bkhg
16
vulnerability VCID-yjab-2vra-zug8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.3.0-rc.5
aliases GMS-2016-48
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dj5f-tchs-k3b7
8
url VCID-dxq2-dfym-3fcv
vulnerability_id VCID-dxq2-dfym-3fcv
summary
Cross Site Scripting
On Firefox there is an XSS vulnerability if a malicious attacker can write into the `xml:base` attribute on an SVG anchor.
references
0
reference_url https://github.com/RetireJS/retire.js/commit/ed3512729af76583b28611a4a1b6a8797d7f074c#diff-8b52b7156debed9dd797400ff51e3e15
reference_id
reference_type
scores
url https://github.com/RetireJS/retire.js/commit/ed3512729af76583b28611a4a1b6a8797d7f074c#diff-8b52b7156debed9dd797400ff51e3e15
fixed_packages
0
url pkg:npm/angular@1.6.9
purl pkg:npm/angular@1.6.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x1p-ye9j-rug4
1
vulnerability VCID-6map-62jp-tkgu
2
vulnerability VCID-8juz-913g-zfdb
3
vulnerability VCID-cfxn-m6af-2kb8
4
vulnerability VCID-cpwp-gasq-kffz
5
vulnerability VCID-njvf-2y8u-5kfw
6
vulnerability VCID-qwfu-v1x6-e3ep
7
vulnerability VCID-rcvr-9ews-tfab
8
vulnerability VCID-rvrc-5q4c-63bh
9
vulnerability VCID-tbpx-hrpt-gkej
10
vulnerability VCID-xd5a-s1n3-bkhg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.9
aliases GMS-2018-9
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxq2-dfym-3fcv
9
url VCID-ex2m-smbh-3kgy
vulnerability_id VCID-ex2m-smbh-3kgy
summary
AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes
Versions of `angular` prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize `xlink:href` attributes, which may allow attackers to execute arbitrary JavaScript in a victim's browser if the value is user-controlled.


## Recommendation

Upgrade to version 1.5.0-beta.1 or later.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14863.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14863.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14863
reference_id
reference_type
scores
0
value 0.00097
scoring_system epss
scoring_elements 0.26711
published_at 2026-04-21T12:55:00Z
1
value 0.00097
scoring_system epss
scoring_elements 0.2675
published_at 2026-04-18T12:55:00Z
2
value 0.00097
scoring_system epss
scoring_elements 0.26778
published_at 2026-04-16T12:55:00Z
3
value 0.00097
scoring_system epss
scoring_elements 0.26771
published_at 2026-04-13T12:55:00Z
4
value 0.00097
scoring_system epss
scoring_elements 0.26828
published_at 2026-04-12T12:55:00Z
5
value 0.00097
scoring_system epss
scoring_elements 0.26872
published_at 2026-04-11T12:55:00Z
6
value 0.00097
scoring_system epss
scoring_elements 0.26869
published_at 2026-04-09T12:55:00Z
7
value 0.00097
scoring_system epss
scoring_elements 0.26822
published_at 2026-04-08T12:55:00Z
8
value 0.00097
scoring_system epss
scoring_elements 0.26753
published_at 2026-04-07T12:55:00Z
9
value 0.00097
scoring_system epss
scoring_elements 0.26963
published_at 2026-04-04T12:55:00Z
10
value 0.00097
scoring_system epss
scoring_elements 0.26926
published_at 2026-04-02T12:55:00Z
11
value 0.00097
scoring_system epss
scoring_elements 0.26886
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14863
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14863
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14863
4
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
5
reference_url https://github.com/angular/angular.js/commit/35a21532b73d5bd84b4325211c563e6a3e2dde82
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js/commit/35a21532b73d5bd84b4325211c563e6a3e2dde82
6
reference_url https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a
7
reference_url https://github.com/angular/angular.js/pull/12524
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js/pull/12524
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14863
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14863
9
reference_url https://snyk.io/vuln/npm:angular:20150807
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/npm:angular:20150807
10
reference_url https://www.npmjs.com/advisories/1453
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1453
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1763589
reference_id 1763589
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1763589
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942833
reference_id 942833
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942833
13
reference_url https://github.com/advisories/GHSA-r5fx-8r73-v86c
reference_id GHSA-r5fx-8r73-v86c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r5fx-8r73-v86c
14
reference_url https://access.redhat.com/errata/RHSA-2019:4069
reference_id RHSA-2019:4069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:4069
15
reference_url https://access.redhat.com/errata/RHSA-2019:4071
reference_id RHSA-2019:4071
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:4071
16
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
0
url pkg:npm/angular@1.5.0-beta.1
purl pkg:npm/angular@1.5.0-beta.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.5.0-beta.1
1
url pkg:npm/angular@1.5.0-beta.2
purl pkg:npm/angular@1.5.0-beta.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nqc-e1g6-e3bf
1
vulnerability VCID-1x1p-ye9j-rug4
2
vulnerability VCID-2m5b-zvmc-pygf
3
vulnerability VCID-6map-62jp-tkgu
4
vulnerability VCID-7p32-5sdx-j3hq
5
vulnerability VCID-8juz-913g-zfdb
6
vulnerability VCID-9nuw-8wc1-vkc4
7
vulnerability VCID-cfxn-m6af-2kb8
8
vulnerability VCID-cpwp-gasq-kffz
9
vulnerability VCID-dxq2-dfym-3fcv
10
vulnerability VCID-njvf-2y8u-5kfw
11
vulnerability VCID-qwfu-v1x6-e3ep
12
vulnerability VCID-rcvr-9ews-tfab
13
vulnerability VCID-rvrc-5q4c-63bh
14
vulnerability VCID-tbpx-hrpt-gkej
15
vulnerability VCID-xd5a-s1n3-bkhg
16
vulnerability VCID-yjab-2vra-zug8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.5.0-beta.2
aliases CVE-2019-14863, GHSA-r5fx-8r73-v86c
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ex2m-smbh-3kgy
10
url VCID-njvf-2y8u-5kfw
vulnerability_id VCID-njvf-2y8u-5kfw
summary
AngularJS improperly sanitizes SVG elements
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of [Content Spoofing](https://owasp.org/www-community/attacks/Content_Spoofing) and also negatively affect the application's performance and behavior by using too large or slow-to-load images.

This issue affects all versions of AngularJS.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see [here](https://docs.angularjs.org/misc/version-support-status).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0716.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0716.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-0716
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.14655
published_at 2026-04-21T12:55:00Z
1
value 0.00048
scoring_system epss
scoring_elements 0.14798
published_at 2026-04-02T12:55:00Z
2
value 0.00048
scoring_system epss
scoring_elements 0.14876
published_at 2026-04-04T12:55:00Z
3
value 0.00048
scoring_system epss
scoring_elements 0.14677
published_at 2026-04-07T12:55:00Z
4
value 0.00048
scoring_system epss
scoring_elements 0.14767
published_at 2026-04-08T12:55:00Z
5
value 0.00048
scoring_system epss
scoring_elements 0.14828
published_at 2026-04-09T12:55:00Z
6
value 0.00048
scoring_system epss
scoring_elements 0.14787
published_at 2026-04-11T12:55:00Z
7
value 0.00048
scoring_system epss
scoring_elements 0.1475
published_at 2026-04-12T12:55:00Z
8
value 0.00048
scoring_system epss
scoring_elements 0.14694
published_at 2026-04-13T12:55:00Z
9
value 0.00048
scoring_system epss
scoring_elements 0.14588
published_at 2026-04-16T12:55:00Z
10
value 0.00048
scoring_system epss
scoring_elements 0.14594
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-0716
2
reference_url https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:33:33Z/
url https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0716
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0716
4
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
5
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-0716
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-0716
7
reference_url https://www.herodevs.com/vulnerability-directory/cve-2025-0716
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:33:33Z/
url https://www.herodevs.com/vulnerability-directory/cve-2025-0716
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104485
reference_id 1104485
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104485
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2362958
reference_id 2362958
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2362958
10
reference_url https://github.com/advisories/GHSA-j58c-ww9w-pwp5
reference_id GHSA-j58c-ww9w-pwp5
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j58c-ww9w-pwp5
11
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
aliases CVE-2025-0716, GHSA-j58c-ww9w-pwp5
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njvf-2y8u-5kfw
11
url VCID-qwfu-v1x6-e3ep
vulnerability_id VCID-qwfu-v1x6-e3ep
summary
angular vulnerable to regular expression denial of service via the angular.copy() utility
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. This vulnerability can be exploited with a large, carefully crafted input, which can result in catastrophic backtracking.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26116.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26116.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26116
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50855
published_at 2026-04-12T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.5084
published_at 2026-04-13T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.50878
published_at 2026-04-16T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50836
published_at 2026-04-09T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.50838
published_at 2026-04-08T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50781
published_at 2026-04-07T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.50824
published_at 2026-04-04T12:55:00Z
7
value 0.00274
scoring_system epss
scoring_elements 0.50799
published_at 2026-04-02T12:55:00Z
8
value 0.00318
scoring_system epss
scoring_elements 0.54893
published_at 2026-04-21T12:55:00Z
9
value 0.00318
scoring_system epss
scoring_elements 0.54914
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26116
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26116
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26116
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
5
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
8
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320
9
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322
10
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321
11
reference_url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/
url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
12
reference_url https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/
url https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
reference_id 1036694
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2183109
reference_id 2183109
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2183109
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26116
reference_id CVE-2023-26116
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26116
16
reference_url https://github.com/advisories/GHSA-2vrf-hf26-jrp5
reference_id GHSA-2vrf-hf26-jrp5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2vrf-hf26-jrp5
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
reference_id OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
reference_id UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
19
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
aliases CVE-2023-26116, GHSA-2vrf-hf26-jrp5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwfu-v1x6-e3ep
12
url VCID-rcvr-9ews-tfab
vulnerability_id VCID-rcvr-9ews-tfab
summary
XSS via JQLite DOM manipulation functions in AngularJS
### Summary
XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to `JQLite` methods like `JQLite.prepend`, `JQLite.after`, `JQLite.append`, `JQLite.replaceWith`, `new JQLite` and `angular.element`.

### Description

JQLite (the DOM manipulation library that is part of AngularJS) manipulates input HTML before inserting it into the DOM in `jqLiteBuildFragment`.

One of the modifications performed [expands an XHTML self-closing tag](https://github.com/angular/angular.js/blob/418355f1cf9a9a9827ae81d257966e6acfb5623a/src/jqLite.js#L218).

If `jqLiteBuildFragment` is called (e.g. via `new JQLite(aString)`) with a user-controlled HTML string that was sanitized (e.g. with [DOMPurify](https://github.com/cure53/DOMPurify)), the transformation done by JQLite may modify some forms of an inert, sanitized payload into a payload containing JavaScript, and trigger an XSS when the payload is inserted into the DOM.

This is similar to a bug in jQuery `htmlPrefilter` function that was [fixed in 3.5.0](https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/).

### Proof of concept

```javascript
const inertPayload = `<div><style><style/><img src=x onerror="alert(1337)"/>` 
```
Note that the style element is not closed and `<img` would be a text node inside the style if inserted into the DOM as-is.
As such, some HTML sanitizers would leave the `<img` as is without processing it and stripping the `onerror` attribute.

```javascript
angular.element(document).append(inertPayload);
```
This will alert, as `<style/>` will be replaced with `<style></style>` before adding it to the DOM, closing the style element early and reactivating `img`.

### Patches
The issue is patched in `JQLite` bundled with angular 1.8.0. AngularJS users using jQuery should upgrade jQuery to 3.5.0, as a similar vulnerability [affects jQuery <3.5.0](https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2).

### Workarounds
Changing sanitizer configuration not to allow certain tag grouping (e.g. `<option><style></option>`) or inline style elements may stop certain exploitation vectors, but it's uncertain if all possible exploitation vectors would be covered. Upgrade of AngularJS to 1.8.0 is recommended.

### References
https://github.com/advisories/GHSA-mhp6-pxh8-r675
https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
references
0
reference_url https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
1
reference_url https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
reference_id
reference_type
scores
url https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
2
reference_url https://github.com/advisories/GHSA-mhp6-pxh8-r675
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-mhp6-pxh8-r675
3
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
4
reference_url https://github.com/google/security-research/security/advisories/GHSA-5cp4-xmrw-59wf
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/google/security-research/security/advisories/GHSA-5cp4-xmrw-59wf
5
reference_url https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
6
reference_url https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
7
reference_url https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
8
reference_url https://github.com/advisories/GHSA-5cp4-xmrw-59wf
reference_id GHSA-5cp4-xmrw-59wf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5cp4-xmrw-59wf
fixed_packages
0
url pkg:npm/angular@1.8.0
purl pkg:npm/angular@1.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x1p-ye9j-rug4
1
vulnerability VCID-6map-62jp-tkgu
2
vulnerability VCID-8juz-913g-zfdb
3
vulnerability VCID-cfxn-m6af-2kb8
4
vulnerability VCID-cpwp-gasq-kffz
5
vulnerability VCID-njvf-2y8u-5kfw
6
vulnerability VCID-qwfu-v1x6-e3ep
7
vulnerability VCID-tbpx-hrpt-gkej
8
vulnerability VCID-tgyd-qy7s-kkew
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.8.0
aliases GHSA-5cp4-xmrw-59wf, GMS-2020-703
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcvr-9ews-tfab
13
url VCID-rvrc-5q4c-63bh
vulnerability_id VCID-rvrc-5q4c-63bh
summary
Angular vulnerable to Cross-site Scripting
angular.js prior to 1.8.0 allows cross-site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized code. Wrapping `<option>` elements in `<select>` elements changes parsing behavior, possibly leading to unsanitized code.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7676.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7676.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7676
reference_id
reference_type
scores
0
value 0.00563
scoring_system epss
scoring_elements 0.68399
published_at 2026-04-21T12:55:00Z
1
value 0.00563
scoring_system epss
scoring_elements 0.68421
published_at 2026-04-18T12:55:00Z
2
value 0.00563
scoring_system epss
scoring_elements 0.68408
published_at 2026-04-16T12:55:00Z
3
value 0.00563
scoring_system epss
scoring_elements 0.6837
published_at 2026-04-13T12:55:00Z
4
value 0.00563
scoring_system epss
scoring_elements 0.68403
published_at 2026-04-12T12:55:00Z
5
value 0.00563
scoring_system epss
scoring_elements 0.68415
published_at 2026-04-11T12:55:00Z
6
value 0.00563
scoring_system epss
scoring_elements 0.68388
published_at 2026-04-09T12:55:00Z
7
value 0.00563
scoring_system epss
scoring_elements 0.68371
published_at 2026-04-08T12:55:00Z
8
value 0.00563
scoring_system epss
scoring_elements 0.6832
published_at 2026-04-07T12:55:00Z
9
value 0.00563
scoring_system epss
scoring_elements 0.68343
published_at 2026-04-04T12:55:00Z
10
value 0.00563
scoring_system epss
scoring_elements 0.68324
published_at 2026-04-02T12:55:00Z
11
value 0.00563
scoring_system epss
scoring_elements 0.68304
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7676
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7676
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7676
3
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
4
reference_url https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd
5
reference_url https://github.com/angular/angular.js/pull/17028
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js/pull/17028
6
reference_url https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7676
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7676
27
reference_url https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
28
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1849206
reference_id 1849206
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1849206
29
reference_url https://access.redhat.com/errata/RHSA-2020:5249
reference_id RHSA-2020:5249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5249
30
reference_url https://access.redhat.com/errata/RHSA-2020:5568
reference_id RHSA-2020:5568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5568
31
reference_url https://access.redhat.com/errata/RHSA-2021:0417
reference_id RHSA-2021:0417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0417
32
reference_url https://access.redhat.com/errata/RHSA-2021:0967
reference_id RHSA-2021:0967
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0967
33
reference_url https://access.redhat.com/errata/RHSA-2021:0968
reference_id RHSA-2021:0968
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0968
34
reference_url https://access.redhat.com/errata/RHSA-2021:0969
reference_id RHSA-2021:0969
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0969
35
reference_url https://access.redhat.com/errata/RHSA-2021:0974
reference_id RHSA-2021:0974
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0974
fixed_packages
0
url pkg:npm/angular@1.8.0
purl pkg:npm/angular@1.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x1p-ye9j-rug4
1
vulnerability VCID-6map-62jp-tkgu
2
vulnerability VCID-8juz-913g-zfdb
3
vulnerability VCID-cfxn-m6af-2kb8
4
vulnerability VCID-cpwp-gasq-kffz
5
vulnerability VCID-njvf-2y8u-5kfw
6
vulnerability VCID-qwfu-v1x6-e3ep
7
vulnerability VCID-tbpx-hrpt-gkej
8
vulnerability VCID-tgyd-qy7s-kkew
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.8.0
aliases CVE-2020-7676, GHSA-mhp6-pxh8-r675
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rvrc-5q4c-63bh
14
url VCID-tbpx-hrpt-gkej
vulnerability_id VCID-tbpx-hrpt-gkej
summary
Angular (deprecated package) Cross-site Scripting
All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of `<textarea>` elements.

NPM package [angular](https://www.npmjs.com/package/angular) is deprecated. Those who want to receive security updates should use the actively maintained package [@angular/core](https://www.npmjs.com/package/@angular/core).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25869.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25869.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25869
reference_id
reference_type
scores
0
value 0.07519
scoring_system epss
scoring_elements 0.91822
published_at 2026-04-21T12:55:00Z
1
value 0.07519
scoring_system epss
scoring_elements 0.91814
published_at 2026-04-12T12:55:00Z
2
value 0.07519
scoring_system epss
scoring_elements 0.9183
published_at 2026-04-16T12:55:00Z
3
value 0.07519
scoring_system epss
scoring_elements 0.9181
published_at 2026-04-13T12:55:00Z
4
value 0.07519
scoring_system epss
scoring_elements 0.91812
published_at 2026-04-11T12:55:00Z
5
value 0.07519
scoring_system epss
scoring_elements 0.91809
published_at 2026-04-09T12:55:00Z
6
value 0.07519
scoring_system epss
scoring_elements 0.91802
published_at 2026-04-08T12:55:00Z
7
value 0.07519
scoring_system epss
scoring_elements 0.9179
published_at 2026-04-07T12:55:00Z
8
value 0.07708
scoring_system epss
scoring_elements 0.919
published_at 2026-04-04T12:55:00Z
9
value 0.07708
scoring_system epss
scoring_elements 0.91892
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25869
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25869
3
reference_url https://glitch.com/edit/%23%21/angular-repro-textarea-xss
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://glitch.com/edit/%23%21/angular-repro-textarea-xss
4
reference_url https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25869
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25869
6
reference_url https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617
7
reference_url https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031
8
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783
9
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784
10
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782
11
reference_url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
12
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783
13
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784
14
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782
15
reference_url https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781
16
reference_url https://www.npmjs.com/package/angular
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/angular
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
reference_id 1036694
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2362768
reference_id 2362768
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2362768
19
reference_url https://github.com/advisories/GHSA-prc3-vjfx-vhm9
reference_id GHSA-prc3-vjfx-vhm9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-prc3-vjfx-vhm9
fixed_packages
aliases CVE-2022-25869, GHSA-prc3-vjfx-vhm9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tbpx-hrpt-gkej
15
url VCID-xd5a-s1n3-bkhg
vulnerability_id VCID-xd5a-s1n3-bkhg
summary
angular Prototype Pollution vulnerability
Versions of `angular` prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function `merge()` does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.

## Recommendation

Upgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10768.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10768.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10768
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.55863
published_at 2026-04-18T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.5586
published_at 2026-04-16T12:55:00Z
2
value 0.00328
scoring_system epss
scoring_elements 0.55824
published_at 2026-04-13T12:55:00Z
3
value 0.00328
scoring_system epss
scoring_elements 0.55842
published_at 2026-04-12T12:55:00Z
4
value 0.00328
scoring_system epss
scoring_elements 0.55862
published_at 2026-04-11T12:55:00Z
5
value 0.00328
scoring_system epss
scoring_elements 0.55854
published_at 2026-04-09T12:55:00Z
6
value 0.00328
scoring_system epss
scoring_elements 0.55851
published_at 2026-04-08T12:55:00Z
7
value 0.00328
scoring_system epss
scoring_elements 0.558
published_at 2026-04-07T12:55:00Z
8
value 0.00328
scoring_system epss
scoring_elements 0.5582
published_at 2026-04-04T12:55:00Z
9
value 0.00328
scoring_system epss
scoring_elements 0.55797
published_at 2026-04-02T12:55:00Z
10
value 0.00328
scoring_system epss
scoring_elements 0.55686
published_at 2026-04-01T12:55:00Z
11
value 0.00423
scoring_system epss
scoring_elements 0.62146
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10768
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10768
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10768
3
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
4
reference_url https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
5
reference_url https://github.com/angular/angular.js/pull/16913
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js/pull/16913
6
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10768
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10768
9
reference_url https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1813309
reference_id 1813309
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1813309
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945249
reference_id 945249
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945249
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*
13
reference_url https://github.com/advisories/GHSA-89mq-4x47-5v83
reference_id GHSA-89mq-4x47-5v83
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-89mq-4x47-5v83
14
reference_url https://access.redhat.com/errata/RHSA-2020:5568
reference_id RHSA-2020:5568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5568
15
reference_url https://access.redhat.com/errata/RHSA-2021:0417
reference_id RHSA-2021:0417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0417
16
reference_url https://access.redhat.com/errata/RHSA-2022:8849
reference_id RHSA-2022:8849
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8849
17
reference_url https://access.redhat.com/errata/RHSA-2022:8866
reference_id RHSA-2022:8866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8866
18
reference_url https://access.redhat.com/errata/RHSA-2023:0274
reference_id RHSA-2023:0274
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0274
fixed_packages
0
url pkg:npm/angular@1.7.9
purl pkg:npm/angular@1.7.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x1p-ye9j-rug4
1
vulnerability VCID-6map-62jp-tkgu
2
vulnerability VCID-8juz-913g-zfdb
3
vulnerability VCID-cfxn-m6af-2kb8
4
vulnerability VCID-cpwp-gasq-kffz
5
vulnerability VCID-njvf-2y8u-5kfw
6
vulnerability VCID-qwfu-v1x6-e3ep
7
vulnerability VCID-rcvr-9ews-tfab
8
vulnerability VCID-rvrc-5q4c-63bh
9
vulnerability VCID-tbpx-hrpt-gkej
10
vulnerability VCID-tgyd-qy7s-kkew
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.7.9
aliases CVE-2019-10768, GHSA-89mq-4x47-5v83
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xd5a-s1n3-bkhg
16
url VCID-yjab-2vra-zug8
vulnerability_id VCID-yjab-2vra-zug8
summary
Bypass CSP protection
, AngularJS allows bootstrapping of invalid/bad svg and currentScript if it was clobbered.
references
0
reference_url https://github.com/angular/angular.js/blob/master/CHANGELOG.md#bug-fixes-5
reference_id
reference_type
scores
url https://github.com/angular/angular.js/blob/master/CHANGELOG.md#bug-fixes-5
1
reference_url https://github.com/angular/angular.js/commit/95f964b827b6f5b5aab10af54f7831316c7a9935
reference_id
reference_type
scores
url https://github.com/angular/angular.js/commit/95f964b827b6f5b5aab10af54f7831316c7a9935
2
reference_url https://github.com/angular/angular.js/commit/c8f78a8ca9debc33a6deaf951f344b8d372bf210
reference_id
reference_type
scores
url https://github.com/angular/angular.js/commit/c8f78a8ca9debc33a6deaf951f344b8d372bf210
fixed_packages
0
url pkg:npm/angular@1.6.3
purl pkg:npm/angular@1.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x1p-ye9j-rug4
1
vulnerability VCID-2m5b-zvmc-pygf
2
vulnerability VCID-6map-62jp-tkgu
3
vulnerability VCID-8juz-913g-zfdb
4
vulnerability VCID-cfxn-m6af-2kb8
5
vulnerability VCID-cpwp-gasq-kffz
6
vulnerability VCID-dxq2-dfym-3fcv
7
vulnerability VCID-njvf-2y8u-5kfw
8
vulnerability VCID-qwfu-v1x6-e3ep
9
vulnerability VCID-rcvr-9ews-tfab
10
vulnerability VCID-rvrc-5q4c-63bh
11
vulnerability VCID-tbpx-hrpt-gkej
12
vulnerability VCID-xd5a-s1n3-bkhg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.3
aliases GMS-2017-110
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yjab-2vra-zug8
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.2.1