Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/angular@1.4.0-beta.1

Type npm

Namespace

Name angular

Version 1.4.0-beta.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-1nqc-e1g6-e3bf

vulnerability_id VCID-1nqc-e1g6-e3bf

summary

Cross-Site Scripting via JSONP
JSONP allows untrusted resource URLs, which provides a vector for attack by malicious actors.

references

reference_url

https://github.com/angular/angular.js/commit/6476af83cd0418c84e034a955b12a842794385c4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/commit/6476af83cd0418c84e034a955b12a842794385c4

reference_url

https://www.npmjs.com/advisories/1630

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/1630

reference_url

https://github.com/advisories/GHSA-28hp-fgcr-2r4h

reference_id

GHSA-28hp-fgcr-2r4h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-28hp-fgcr-2r4h

fixed_packages

url pkg:npm/angular@1.6.0

purl pkg:npm/angular@1.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-2m5b-zvmc-pygf

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-7p32-5sdx-j3hq

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-dxq2-dfym-3fcv

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-rcvr-9ews-tfab

vulnerability	VCID-rvrc-5q4c-63bh

vulnerability	VCID-tbpx-hrpt-gkej

vulnerability	VCID-xd5a-s1n3-bkhg

vulnerability	VCID-yjab-2vra-zug8

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.0

aliases GHSA-28hp-fgcr-2r4h, GMS-2019-114

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1nqc-e1g6-e3bf

url

VCID-1x1p-ye9j-rug4

vulnerability_id

VCID-1x1p-ye9j-rug4

summary

Improper sanitization of the value of the `[srcset]` attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .

This issue affects AngularJS versions 1.3.0-rc.4 and greater.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8372.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8372.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8372

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03346
published_at	2026-04-21T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03225
published_at	2026-04-18T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03296
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03215
published_at	2026-04-16T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.0324
published_at	2026-04-13T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03261
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03289
published_at	2026-04-11T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03331
published_at	2026-04-09T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.0331
published_at	2026-04-08T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03305
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03285
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8372

reference_url

https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:06:37Z/

url

https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8372
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8372

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-8372

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-8372

reference_url

https://security.netapp.com/advisory/ntap-20241122-0002

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241122-0002

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2024-8372

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:06:37Z/

url

https://www.herodevs.com/vulnerability-directory/cve-2024-8372

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088804
reference_id	1088804
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088804

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2310871
reference_id	2310871
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2310871

reference_url

https://github.com/advisories/GHSA-m9gf-397r-hwpg

reference_id

GHSA-m9gf-397r-hwpg

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m9gf-397r-hwpg

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

aliases

CVE-2024-8372, GHSA-m9gf-397r-hwpg

risk_score

2.1

exploitability

0.5

weighted_severity

4.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-1x1p-ye9j-rug4

url VCID-2m5b-zvmc-pygf

vulnerability_id VCID-2m5b-zvmc-pygf

summary

XSS in $sanitize in Safari/Firefox
Both Firefox and Safari are vulnerable to XSS if we use an inert document created via `document.implementation.createHTMLDocument()`.

references

reference_url	https://github.com/angular/angular.js/blob/master/CHANGELOG.md#165-toffee-salinization-2017-07-03
reference_id
reference_type
scores
url	https://github.com/angular/angular.js/blob/master/CHANGELOG.md#165-toffee-salinization-2017-07-03

reference_url	https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
reference_id
reference_type
scores
url	https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94

fixed_packages

url pkg:npm/angular@1.6.5

purl pkg:npm/angular@1.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-dxq2-dfym-3fcv

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-rcvr-9ews-tfab

vulnerability	VCID-rvrc-5q4c-63bh

vulnerability	VCID-tbpx-hrpt-gkej

vulnerability	VCID-xd5a-s1n3-bkhg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.5

aliases GMS-2017-134

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2m5b-zvmc-pygf

url

VCID-6map-62jp-tkgu

vulnerability_id

VCID-6map-62jp-tkgu

summary

angular vulnerable to regular expression denial of service via the $resource service
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26117.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26117.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26117

reference_id

reference_type

scores

value	0.00274
scoring_system	epss
scoring_elements	0.5084
published_at	2026-04-13T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50855
published_at	2026-04-12T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50878
published_at	2026-04-16T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50836
published_at	2026-04-09T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50838
published_at	2026-04-08T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50781
published_at	2026-04-07T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50824
published_at	2026-04-04T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50799
published_at	2026-04-02T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54914
published_at	2026-04-18T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54893
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26117

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26117
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26117

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324

reference_url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/

url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045

reference_url

https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/

url

https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
reference_id	1036694
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2183108
reference_id	2183108
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2183108

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-26117

reference_id

CVE-2023-26117

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-26117

reference_url

https://github.com/advisories/GHSA-2qqx-w9hr-q5gx

reference_id

GHSA-2qqx-w9hr-q5gx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2qqx-w9hr-q5gx

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/

reference_id

OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/

reference_id

UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

aliases

CVE-2023-26117, GHSA-2qqx-w9hr-q5gx

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-6map-62jp-tkgu

url VCID-7p32-5sdx-j3hq

vulnerability_id VCID-7p32-5sdx-j3hq

summary

Denial of service in $sanitize
Running $sanitize on bad HTML can freeze the browser. The problem occurs with clobbered data; typically the "nextSibling" property on an element is changed to one of it's child node, this makes it impossible to walk the HTML tree and leads to an infinite loop which freezes the browser.

references

fixed_packages

url pkg:npm/angular@1.6.3

purl pkg:npm/angular@1.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-2m5b-zvmc-pygf

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-dxq2-dfym-3fcv

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-rcvr-9ews-tfab

vulnerability	VCID-rvrc-5q4c-63bh

vulnerability	VCID-tbpx-hrpt-gkej

vulnerability	VCID-xd5a-s1n3-bkhg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.3

aliases GMS-2017-115

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7p32-5sdx-j3hq

url

VCID-8juz-913g-zfdb

vulnerability_id

VCID-8juz-913g-zfdb

summary

angular vulnerable to super-linear runtime due to backtracking
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. 


**Note:**

This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21490.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21490.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-21490

reference_id

reference_type

scores

value	0.02246
scoring_system	epss
scoring_elements	0.84596
published_at	2026-04-21T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84512
published_at	2026-04-02T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84533
published_at	2026-04-04T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84536
published_at	2026-04-07T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84595
published_at	2026-04-18T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84594
published_at	2026-04-16T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84574
published_at	2026-04-13T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84579
published_at	2026-04-12T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84583
published_at	2026-04-11T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84558
published_at	2026-04-08T12:55:00Z

value	0.02246
scoring_system	epss
scoring_elements	0.84564
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-21490

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21490
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21490

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-21490

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-21490

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747

reference_url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/

url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113

reference_url

https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/

url

https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos

reference_url

https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088803
reference_id	1088803
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088803

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2263754
reference_id	2263754
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2263754

reference_url

https://github.com/advisories/GHSA-4w4v-5hc9-xrr2

reference_id

GHSA-4w4v-5hc9-xrr2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4w4v-5hc9-xrr2

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

aliases

CVE-2024-21490, GHSA-4w4v-5hc9-xrr2

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-8juz-913g-zfdb

url VCID-9nuw-8wc1-vkc4

vulnerability_id VCID-9nuw-8wc1-vkc4

summary

Bypass CSP protection
Extension URIs (`resource://...`) bypass ````Content-Security-Policy```` in Chrome and Firefox and can always be loaded. Now if a site already has a XSS bug, and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacked can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection.

references

reference_url	https://github.com/angular/angular.js/commit/0ff10e1b56c6b7c4ac465e35c96a5886e294bac5
reference_id
reference_type
scores
url	https://github.com/angular/angular.js/commit/0ff10e1b56c6b7c4ac465e35c96a5886e294bac5

reference_url	https://github.com/angular/angular.js/commit/6ce2913d99bb0dade6027ba9733295d0aa13b242
reference_id
reference_type
scores
url	https://github.com/angular/angular.js/commit/6ce2913d99bb0dade6027ba9733295d0aa13b242

reference_url	https://github.com/angular/angular.js/commit/a649758655843275cc477fb638f8e55f72a4eaa6
reference_id
reference_type
scores
url	https://github.com/angular/angular.js/commit/a649758655843275cc477fb638f8e55f72a4eaa6

reference_url	https://github.com/angular/angular.js/commit/ebe90051eda8a3328e5993cca1663e28d03113d0
reference_id
reference_type
scores
url	https://github.com/angular/angular.js/commit/ebe90051eda8a3328e5993cca1663e28d03113d0

reference_url	https://github.com/mozilla/addons-linter/issues/1000
reference_id
reference_type
scores
url	https://github.com/mozilla/addons-linter/issues/1000

fixed_packages

url pkg:npm/angular@1.5.9

purl pkg:npm/angular@1.5.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1nqc-e1g6-e3bf

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-2m5b-zvmc-pygf

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-7p32-5sdx-j3hq

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-dxq2-dfym-3fcv

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-rcvr-9ews-tfab

vulnerability	VCID-rvrc-5q4c-63bh

vulnerability	VCID-tbpx-hrpt-gkej

vulnerability	VCID-xd5a-s1n3-bkhg

vulnerability	VCID-yjab-2vra-zug8

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.5.9

url pkg:npm/angular@1.6.0-rc.1

purl pkg:npm/angular@1.6.0-rc.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1nqc-e1g6-e3bf

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-2m5b-zvmc-pygf

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-7p32-5sdx-j3hq

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-dxq2-dfym-3fcv

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-rcvr-9ews-tfab

vulnerability	VCID-rvrc-5q4c-63bh

vulnerability	VCID-tbpx-hrpt-gkej

vulnerability	VCID-xd5a-s1n3-bkhg

vulnerability	VCID-yjab-2vra-zug8

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.0-rc.1

url pkg:npm/angular@1.6.0

purl pkg:npm/angular@1.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-2m5b-zvmc-pygf

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-7p32-5sdx-j3hq

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-dxq2-dfym-3fcv

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-rcvr-9ews-tfab

vulnerability	VCID-rvrc-5q4c-63bh

vulnerability	VCID-tbpx-hrpt-gkej

vulnerability	VCID-xd5a-s1n3-bkhg

vulnerability	VCID-yjab-2vra-zug8

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.0

aliases GMS-2016-73

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nuw-8wc1-vkc4

url

VCID-cfxn-m6af-2kb8

vulnerability_id

VCID-cfxn-m6af-2kb8

summary

Improper sanitization of the value of the `[srcset]` attribute in `<source>` HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .

This issue affects all versions of AngularJS.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8373.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8373.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8373

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02329
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02236
published_at	2026-04-18T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02227
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02247
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02258
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02276
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02254
published_at	2026-04-08T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02253
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02245
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0224
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8373

reference_url

https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:04:03Z/

url

https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-8373

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-8373

reference_url

https://security.netapp.com/advisory/ntap-20241122-0003

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241122-0003

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2024-8373

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:04:03Z/

url

https://www.herodevs.com/vulnerability-directory/cve-2024-8373

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088805
reference_id	1088805
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088805

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2310872
reference_id	2310872
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2310872

reference_url

https://github.com/advisories/GHSA-mqm9-c95h-x2p6

reference_id

GHSA-mqm9-c95h-x2p6

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mqm9-c95h-x2p6

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

aliases

CVE-2024-8373, GHSA-mqm9-c95h-x2p6

risk_score

2.1

exploitability

0.5

weighted_severity

4.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-cfxn-m6af-2kb8

url

VCID-cpwp-gasq-kffz

vulnerability_id

VCID-cpwp-gasq-kffz

summary

angular vulnerable to regular expression denial of service via the <input type="url"> element
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26118.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26118.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26118

reference_id

reference_type

scores

value	0.00526
scoring_system	epss
scoring_elements	0.67031
published_at	2026-04-12T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67045
published_at	2026-04-11T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67025
published_at	2026-04-09T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67013
published_at	2026-04-08T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66989
published_at	2026-04-04T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.66964
published_at	2026-04-07T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67033
published_at	2026-04-16T12:55:00Z

value	0.00526
scoring_system	epss
scoring_elements	0.67
published_at	2026-04-13T12:55:00Z

value	0.0061
scoring_system	epss
scoring_elements	0.69803
published_at	2026-04-18T12:55:00Z

value	0.0061
scoring_system	epss
scoring_elements	0.69784
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26118

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26118
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26118

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327

reference_url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/

url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046

reference_url

https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/

url

https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
reference_id	1036694
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2183110
reference_id	2183110
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2183110

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-26118

reference_id

CVE-2023-26118

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-26118

reference_url

https://github.com/advisories/GHSA-qwqh-hm9m-p5hr

reference_id

GHSA-qwqh-hm9m-p5hr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qwqh-hm9m-p5hr

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/

reference_id

OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/

reference_id

UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

aliases

CVE-2023-26118, GHSA-qwqh-hm9m-p5hr

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-cpwp-gasq-kffz

url VCID-dxq2-dfym-3fcv

vulnerability_id VCID-dxq2-dfym-3fcv

summary

Cross Site Scripting
On Firefox there is a XSS vulnerability if a malicious attacker can write into the `xml:base` attribute on an SVG anchor.

references

reference_url	https://github.com/RetireJS/retire.js/commit/ed3512729af76583b28611a4a1b6a8797d7f074c#diff-8b52b7156debed9dd797400ff51e3e15
reference_id
reference_type
scores
url	https://github.com/RetireJS/retire.js/commit/ed3512729af76583b28611a4a1b6a8797d7f074c#diff-8b52b7156debed9dd797400ff51e3e15

fixed_packages

url pkg:npm/angular@1.6.9

purl pkg:npm/angular@1.6.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-rcvr-9ews-tfab

vulnerability	VCID-rvrc-5q4c-63bh

vulnerability	VCID-tbpx-hrpt-gkej

vulnerability	VCID-xd5a-s1n3-bkhg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.9

aliases GMS-2018-9

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxq2-dfym-3fcv

url VCID-ex2m-smbh-3kgy

vulnerability_id VCID-ex2m-smbh-3kgy

summary

AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes
Versions of `angular` prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize `xlink:href` attributes, which may allow attackers to execute arbitrary JavaScript in a victim's browser if the value is user-controlled.


## Recommendation

Upgrade to version 1.5.0-beta.1 or later.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14863.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14863.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14863

reference_id

reference_type

scores

value	0.00097
scoring_system	epss
scoring_elements	0.26711
published_at	2026-04-21T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.2675
published_at	2026-04-18T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26778
published_at	2026-04-16T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26771
published_at	2026-04-13T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26828
published_at	2026-04-12T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26872
published_at	2026-04-11T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26869
published_at	2026-04-09T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26822
published_at	2026-04-08T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26753
published_at	2026-04-07T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26963
published_at	2026-04-04T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26926
published_at	2026-04-02T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26886
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14863

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14863
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14863

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://github.com/angular/angular.js/commit/35a21532b73d5bd84b4325211c563e6a3e2dde82

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/commit/35a21532b73d5bd84b4325211c563e6a3e2dde82

reference_url

https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a

reference_url

https://github.com/angular/angular.js/pull/12524

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/pull/12524

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14863

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14863

reference_url

https://snyk.io/vuln/npm:angular:20150807

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/npm:angular:20150807

reference_url

https://www.npmjs.com/advisories/1453

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/1453

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1763589
reference_id	1763589
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1763589

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942833
reference_id	942833
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942833

reference_url

https://github.com/advisories/GHSA-r5fx-8r73-v86c

reference_id

GHSA-r5fx-8r73-v86c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r5fx-8r73-v86c

reference_url	https://access.redhat.com/errata/RHSA-2019:4069
reference_id	RHSA-2019:4069
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:4069

reference_url	https://access.redhat.com/errata/RHSA-2019:4071
reference_id	RHSA-2019:4071
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:4071

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

url	pkg:npm/angular@1.5.0-beta.1
purl	pkg:npm/angular@1.5.0-beta.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.5.0-beta.1

url pkg:npm/angular@1.5.0-beta.2

purl pkg:npm/angular@1.5.0-beta.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1nqc-e1g6-e3bf

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-2m5b-zvmc-pygf

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-7p32-5sdx-j3hq

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-9nuw-8wc1-vkc4

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-dxq2-dfym-3fcv

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-rcvr-9ews-tfab

vulnerability	VCID-rvrc-5q4c-63bh

vulnerability	VCID-tbpx-hrpt-gkej

vulnerability	VCID-xd5a-s1n3-bkhg

vulnerability	VCID-yjab-2vra-zug8

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.5.0-beta.2

aliases CVE-2019-14863, GHSA-r5fx-8r73-v86c

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ex2m-smbh-3kgy

url

VCID-njvf-2y8u-5kfw

vulnerability_id

VCID-njvf-2y8u-5kfw

summary

AngularJS improperly sanitizes SVG elements
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images.

This issue affects all versions of AngularJS.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0716.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0716.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-0716

reference_id

reference_type

scores

value	0.00048
scoring_system	epss
scoring_elements	0.14655
published_at	2026-04-21T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14798
published_at	2026-04-02T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14876
published_at	2026-04-04T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14677
published_at	2026-04-07T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14767
published_at	2026-04-08T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14828
published_at	2026-04-09T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14787
published_at	2026-04-11T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.1475
published_at	2026-04-12T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14694
published_at	2026-04-13T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14588
published_at	2026-04-16T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.14594
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-0716

reference_url

https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:33:33Z/

url

https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0716
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0716

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-0716

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-0716

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2025-0716

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:33:33Z/

url

https://www.herodevs.com/vulnerability-directory/cve-2025-0716

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104485
reference_id	1104485
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104485

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2362958
reference_id	2362958
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2362958

reference_url

https://github.com/advisories/GHSA-j58c-ww9w-pwp5

reference_id

GHSA-j58c-ww9w-pwp5

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j58c-ww9w-pwp5

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

aliases

CVE-2025-0716, GHSA-j58c-ww9w-pwp5

risk_score

2.1

exploitability

0.5

weighted_severity

4.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-njvf-2y8u-5kfw

url

VCID-qwfu-v1x6-e3ep

vulnerability_id

VCID-qwfu-v1x6-e3ep

summary

angular vulnerable to regular expression denial of service via the angular.copy() utility
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26116.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26116.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26116

reference_id

reference_type

scores

value	0.00274
scoring_system	epss
scoring_elements	0.50855
published_at	2026-04-12T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.5084
published_at	2026-04-13T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50878
published_at	2026-04-16T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50836
published_at	2026-04-09T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50838
published_at	2026-04-08T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50781
published_at	2026-04-07T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50824
published_at	2026-04-04T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50799
published_at	2026-04-02T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54893
published_at	2026-04-21T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54914
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26116

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26116
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26116

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321

reference_url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/

url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044

reference_url

https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/

url

https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
reference_id	1036694
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2183109
reference_id	2183109
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2183109

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-26116

reference_id

CVE-2023-26116

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-26116

reference_url

https://github.com/advisories/GHSA-2vrf-hf26-jrp5

reference_id

GHSA-2vrf-hf26-jrp5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2vrf-hf26-jrp5

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/

reference_id

OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/

reference_id

UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/

reference_url	https://usn.ubuntu.com/7958-1/
reference_id	USN-7958-1
reference_type
scores
url	https://usn.ubuntu.com/7958-1/

fixed_packages

aliases

CVE-2023-26116, GHSA-2vrf-hf26-jrp5

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-qwfu-v1x6-e3ep

url VCID-rcvr-9ews-tfab

vulnerability_id VCID-rcvr-9ews-tfab

summary

XSS via JQLite DOM manipulation functions in AngularJS
### Summary
XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to `JQLite` methods like `JQLite.prepend`, `JQLite.after`, `JQLite.append`, `JQLite.replaceWith`, `JQLite.append`, `new JQLite` and `angular.element`.

### Description

JQLite (DOM manipulation library that's part of AngularJS) manipulates input HTML before inserting it to the DOM in `jqLiteBuildFragment`.

One of the modifications performed [expands an XHTML self-closing tag](https://github.com/angular/angular.js/blob/418355f1cf9a9a9827ae81d257966e6acfb5623a/src/jqLite.js#L218).

If `jqLiteBuildFragment` is called (e.g. via `new JQLite(aString)`) with user-controlled HTML string that was sanitized (e.g. with [DOMPurify](https://github.com/cure53/DOMPurify)), the transformation done by JQLite may modify some forms of an inert, sanitized payload into a payload containing JavaScript - and trigger an XSS when the payload is inserted into DOM.

This is similar to a bug in jQuery `htmlPrefilter` function that was [fixed in 3.5.0](https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/).

### Proof of concept

```javascript
const inertPayload = `<div><style><style/><img src=x onerror="alert(1337)"/>` 
```
Note that the style element is not closed and `<img` would be a text node inside the style if inserted into the DOM as-is.
As such, some HTML sanitizers would leave the `<img` as is without processing it and stripping the `onerror` attribute.

```javascript
angular.element(document).append(inertPayload);
```
This will alert, as `<style/>` will be replaced with `<style></style>` before adding it to the DOM, closing the style element early and reactivating `img`.

### Patches
The issue is patched in `JQLite` bundled with angular 1.8.0. AngularJS users using JQuery should upgrade JQuery to 3.5.0, as a similar vulnerability [affects jQuery <3.5.0](https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2).

### Workarounds
Changing sanitizer configuration not to allow certain tag grouping (e.g. `<option><style></option>`) or inline style elements may stop certain exploitation vectors, but it's uncertain if all possible exploitation vectors would be covered. Upgrade of AngularJS to 1.8.0 is recommended.

### References
https://github.com/advisories/GHSA-mhp6-pxh8-r675
https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://snyk.io/vuln/SNYK-JS-ANGULAR-570058

references

reference_url

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

reference_url	https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
reference_id
reference_type
scores
url	https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

reference_url

https://github.com/advisories/GHSA-mhp6-pxh8-r675

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-mhp6-pxh8-r675

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://github.com/google/security-research/security/advisories/GHSA-5cp4-xmrw-59wf

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/google/security-research/security/advisories/GHSA-5cp4-xmrw-59wf

reference_url

https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2

reference_url

https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6

reference_url

https://snyk.io/vuln/SNYK-JS-ANGULAR-570058

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-ANGULAR-570058

reference_url

https://github.com/advisories/GHSA-5cp4-xmrw-59wf

reference_id

GHSA-5cp4-xmrw-59wf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5cp4-xmrw-59wf

fixed_packages

url pkg:npm/angular@1.8.0

purl pkg:npm/angular@1.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-tbpx-hrpt-gkej

vulnerability	VCID-tgyd-qy7s-kkew

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.8.0

aliases GHSA-5cp4-xmrw-59wf, GMS-2020-703

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcvr-9ews-tfab

url VCID-rvrc-5q4c-63bh

vulnerability_id VCID-rvrc-5q4c-63bh

summary

Angular vulnerable to Cross-site Scripting
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping `<option>` elements in `<select>` ones changes parsing behavior, leading to possibly unsanitizing code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7676.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7676.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7676

reference_id

reference_type

scores

value	0.00563
scoring_system	epss
scoring_elements	0.68399
published_at	2026-04-21T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68421
published_at	2026-04-18T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68408
published_at	2026-04-16T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.6837
published_at	2026-04-13T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68403
published_at	2026-04-12T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68415
published_at	2026-04-11T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68388
published_at	2026-04-09T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68371
published_at	2026-04-08T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.6832
published_at	2026-04-07T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68343
published_at	2026-04-04T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68324
published_at	2026-04-02T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68304
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7676

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7676
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7676

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd

reference_url

https://github.com/angular/angular.js/pull/17028

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/pull/17028

reference_url

https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7676

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7676

reference_url

https://snyk.io/vuln/SNYK-JS-ANGULAR-570058

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-ANGULAR-570058

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1849206
reference_id	1849206
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1849206

reference_url	https://access.redhat.com/errata/RHSA-2020:5249
reference_id	RHSA-2020:5249
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5249

reference_url	https://access.redhat.com/errata/RHSA-2020:5568
reference_id	RHSA-2020:5568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5568

reference_url	https://access.redhat.com/errata/RHSA-2021:0417
reference_id	RHSA-2021:0417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0417

reference_url	https://access.redhat.com/errata/RHSA-2021:0967
reference_id	RHSA-2021:0967
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0967

reference_url	https://access.redhat.com/errata/RHSA-2021:0968
reference_id	RHSA-2021:0968
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0968

reference_url	https://access.redhat.com/errata/RHSA-2021:0969
reference_id	RHSA-2021:0969
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0969

reference_url	https://access.redhat.com/errata/RHSA-2021:0974
reference_id	RHSA-2021:0974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0974

fixed_packages

url pkg:npm/angular@1.8.0

purl pkg:npm/angular@1.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-tbpx-hrpt-gkej

vulnerability	VCID-tgyd-qy7s-kkew

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.8.0

aliases CVE-2020-7676, GHSA-mhp6-pxh8-r675

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rvrc-5q4c-63bh

url

VCID-tbpx-hrpt-gkej

vulnerability_id

VCID-tbpx-hrpt-gkej

summary

Angular (deprecated package) Cross-site Scripting
All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of `<textarea>` elements.

NPM package [angular](https://www.npmjs.com/package/angular) is deprecated. Those who want to receive security updates should use the actively maintained package [@angular/core](https://www.npmjs.com/package/@angular/core).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25869.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25869.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25869

reference_id

reference_type

scores

value	0.07519
scoring_system	epss
scoring_elements	0.91822
published_at	2026-04-21T12:55:00Z

value	0.07519
scoring_system	epss
scoring_elements	0.91814
published_at	2026-04-12T12:55:00Z

value	0.07519
scoring_system	epss
scoring_elements	0.9183
published_at	2026-04-16T12:55:00Z

value	0.07519
scoring_system	epss
scoring_elements	0.9181
published_at	2026-04-13T12:55:00Z

value	0.07519
scoring_system	epss
scoring_elements	0.91812
published_at	2026-04-11T12:55:00Z

value	0.07519
scoring_system	epss
scoring_elements	0.91809
published_at	2026-04-09T12:55:00Z

value	0.07519
scoring_system	epss
scoring_elements	0.91802
published_at	2026-04-08T12:55:00Z

value	0.07519
scoring_system	epss
scoring_elements	0.9179
published_at	2026-04-07T12:55:00Z

value	0.07708
scoring_system	epss
scoring_elements	0.919
published_at	2026-04-04T12:55:00Z

value	0.07708
scoring_system	epss
scoring_elements	0.91892
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25869

reference_url

https://glitch.com/edit/%23%21/angular-repro-textarea-xss

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://glitch.com/edit/%23%21/angular-repro-textarea-xss

reference_url

https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25869

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25869

reference_url

https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617

reference_url

https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782

reference_url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782

reference_url

https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781

reference_url

https://www.npmjs.com/package/angular

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/package/angular

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
reference_id	1036694
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2362768
reference_id	2362768
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2362768

reference_url

https://github.com/advisories/GHSA-prc3-vjfx-vhm9

reference_id

GHSA-prc3-vjfx-vhm9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-prc3-vjfx-vhm9

fixed_packages

aliases

CVE-2022-25869, GHSA-prc3-vjfx-vhm9

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-tbpx-hrpt-gkej

url VCID-xd5a-s1n3-bkhg

vulnerability_id VCID-xd5a-s1n3-bkhg

summary

angular Prototype Pollution vulnerability
Versions of `angular ` prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function `merge()` does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.

## Recommendation

Upgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10768.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10768.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10768

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55863
published_at	2026-04-18T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.5586
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55824
published_at	2026-04-13T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55842
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55862
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55854
published_at	2026-04-09T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55851
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.558
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.5582
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55797
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55686
published_at	2026-04-01T12:55:00Z

value	0.00423
scoring_system	epss
scoring_elements	0.62146
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10768

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10768
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10768

reference_url

https://github.com/angular/angular.js

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js

reference_url

https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3

reference_url

https://github.com/angular/angular.js/pull/16913

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/angular/angular.js/pull/16913

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10768

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10768

reference_url

https://snyk.io/vuln/SNYK-JS-ANGULAR-534884

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-ANGULAR-534884

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1813309
reference_id	1813309
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1813309

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945249
reference_id	945249
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945249

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:angularjs:angularjs::::::::
reference_id	cpe:2.3:a:angularjs:angularjs::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:angularjs:angularjs::::::::

reference_url

https://github.com/advisories/GHSA-89mq-4x47-5v83

reference_id

GHSA-89mq-4x47-5v83

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-89mq-4x47-5v83

reference_url	https://access.redhat.com/errata/RHSA-2020:5568
reference_id	RHSA-2020:5568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5568

reference_url	https://access.redhat.com/errata/RHSA-2021:0417
reference_id	RHSA-2021:0417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0417

reference_url	https://access.redhat.com/errata/RHSA-2022:8849
reference_id	RHSA-2022:8849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8849

reference_url	https://access.redhat.com/errata/RHSA-2022:8866
reference_id	RHSA-2022:8866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8866

reference_url	https://access.redhat.com/errata/RHSA-2023:0274
reference_id	RHSA-2023:0274
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0274

fixed_packages

url pkg:npm/angular@1.7.9

purl pkg:npm/angular@1.7.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-rcvr-9ews-tfab

vulnerability	VCID-rvrc-5q4c-63bh

vulnerability	VCID-tbpx-hrpt-gkej

vulnerability	VCID-tgyd-qy7s-kkew

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.7.9

aliases CVE-2019-10768, GHSA-89mq-4x47-5v83

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xd5a-s1n3-bkhg

url VCID-yjab-2vra-zug8

vulnerability_id VCID-yjab-2vra-zug8

summary

Bypass CSP protection
, AngularJS allows bootstrapping of invalid/bad svg and currentScript if it was clobbered.

references

reference_url	https://github.com/angular/angular.js/blob/master/CHANGELOG.md#bug-fixes-5
reference_id
reference_type
scores
url	https://github.com/angular/angular.js/blob/master/CHANGELOG.md#bug-fixes-5

reference_url	https://github.com/angular/angular.js/commit/95f964b827b6f5b5aab10af54f7831316c7a9935
reference_id
reference_type
scores
url	https://github.com/angular/angular.js/commit/95f964b827b6f5b5aab10af54f7831316c7a9935

reference_url	https://github.com/angular/angular.js/commit/c8f78a8ca9debc33a6deaf951f344b8d372bf210
reference_id
reference_type
scores
url	https://github.com/angular/angular.js/commit/c8f78a8ca9debc33a6deaf951f344b8d372bf210

fixed_packages

url pkg:npm/angular@1.6.3

purl pkg:npm/angular@1.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1x1p-ye9j-rug4

vulnerability	VCID-2m5b-zvmc-pygf

vulnerability	VCID-6map-62jp-tkgu

vulnerability	VCID-8juz-913g-zfdb

vulnerability	VCID-cfxn-m6af-2kb8

vulnerability	VCID-cpwp-gasq-kffz

vulnerability	VCID-dxq2-dfym-3fcv

vulnerability	VCID-njvf-2y8u-5kfw

vulnerability	VCID-qwfu-v1x6-e3ep

vulnerability	VCID-rcvr-9ews-tfab

vulnerability	VCID-rvrc-5q4c-63bh

vulnerability	VCID-tbpx-hrpt-gkej

vulnerability	VCID-xd5a-s1n3-bkhg

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.3

aliases GMS-2017-110

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yjab-2vra-zug8

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.4.0-beta.1

Package Instance