{"url":"http://public2.vulnerablecode.io/api/packages/96916?format=json","purl":"pkg:npm/angular@1.2.21","type":"npm","namespace":"","name":"angular","version":"1.2.21","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.7.9","latest_non_vulnerable_version":"1.8.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11305?format=json","vulnerability_id":"VCID-3xrn-c2s9-puc4","summary":"Denial of service in $sanitize\nRunning $sanitize on bad HTML can freeze the browser. The problem occurs with clobbered data; typically the \"nextSibling\" property on an element is changed to one of it's child node, this makes it impossible to walk the HTML tree and leads to an infinite loop which freezes the browser.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52268?format=json","purl":"pkg:npm/angular@1.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7bqm-uvf4-3yad"},{"vulnerability":"VCID-udyf-r4mh-x7cu"},{"vulnerability":"VCID-z2pj-4dxf-3qag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.3"}],"aliases":["GMS-2017-115"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xrn-c2s9-puc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11412?format=json","vulnerability_id":"VCID-7bqm-uvf4-3yad","summary":"XSS in $sanitize in Safari/Firefox\nBoth Firefox and Safari are vulnerable to XSS if we use an inert document created via `document.implementation.createHTMLDocument()`.","references":[{"reference_url":"https://github.com/angular/angular.js/blob/master/CHANGELOG.md#165-toffee-salinization-2017-07-03","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/blob/master/CHANGELOG.md#165-toffee-salinization-2017-07-03"},{"reference_url":"https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52576?format=json","purl":"pkg:npm/angular@1.6.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-udyf-r4mh-x7cu"},{"vulnerability":"VCID-z2pj-4dxf-3qag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.5"}],"aliases":["GMS-2017-134"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7bqm-uvf4-3yad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139645?format=json","vulnerability_id":"VCID-h1qm-xwva-2uf3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14863","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26744","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14863"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://github.com/angular/angular.js/commit/35a21532b73d5bd84b4325211c563e6a3e2dde82","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/commit/35a21532b73d5bd84b4325211c563e6a3e2dde82"},{"reference_url":"https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a"},{"reference_url":"https://github.com/angular/angular.js/pull/12524","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/pull/12524"},{"reference_url":"https://snyk.io/vuln/npm:angular:20150807","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/npm:angular:20150807"},{"reference_url":"https://www.npmjs.com/advisories/1453","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1453"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942833","reference_id":"942833","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942833"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14863","reference_id":"CVE-2019-14863","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14863"},{"reference_url":"https://github.com/advisories/GHSA-r5fx-8r73-v86c","reference_id":"GHSA-r5fx-8r73-v86c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r5fx-8r73-v86c"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74644?format=json","purl":"pkg:npm/angular@1.5.0-beta.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.5.0-beta.1"},{"url":"http://public2.vulnerablecode.io/api/packages/97784?format=json","purl":"pkg:npm/angular@1.5.0-beta.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xrn-c2s9-puc4"},{"vulnerability":"VCID-7bqm-uvf4-3yad"},{"vulnerability":"VCID-uax8-wmy5-93hz"},{"vulnerability":"VCID-udyf-r4mh-x7cu"},{"vulnerability":"VCID-vxcp-eaa7-nyab"},{"vulnerability":"VCID-xqkp-4es6-4kam"},{"vulnerability":"VCID-z2pj-4dxf-3qag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.5.0-beta.2"}],"aliases":["CVE-2019-14863","GHSA-r5fx-8r73-v86c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h1qm-xwva-2uf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10979?format=json","vulnerability_id":"VCID-jmwe-jac4-5uaw","summary":"Code Injection\nThe attribute usemap can be used as a security exploit.","references":[{"reference_url":"https://github.com/angular/angular.js/commit/f35f334bd3197585bdf034f4b6d9ffa3122dac62","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/f35f334bd3197585bdf034f4b6d9ffa3122dac62"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51783?format=json","purl":"pkg:npm/angular@1.2.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xrn-c2s9-puc4"},{"vulnerability":"VCID-7bqm-uvf4-3yad"},{"vulnerability":"VCID-h1qm-xwva-2uf3"},{"vulnerability":"VCID-uax8-wmy5-93hz"},{"vulnerability":"VCID-udyf-r4mh-x7cu"},{"vulnerability":"VCID-vxcp-eaa7-nyab"},{"vulnerability":"VCID-xqkp-4es6-4kam"},{"vulnerability":"VCID-z2pj-4dxf-3qag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.2.30"},{"url":"http://public2.vulnerablecode.io/api/packages/96922?format=json","purl":"pkg:npm/angular@1.3.0-rc.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xrn-c2s9-puc4"},{"vulnerability":"VCID-7bqm-uvf4-3yad"},{"vulnerability":"VCID-h1qm-xwva-2uf3"},{"vulnerability":"VCID-uax8-wmy5-93hz"},{"vulnerability":"VCID-udyf-r4mh-x7cu"},{"vulnerability":"VCID-vxcp-eaa7-nyab"},{"vulnerability":"VCID-xqkp-4es6-4kam"},{"vulnerability":"VCID-z2pj-4dxf-3qag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.3.0-rc.5"}],"aliases":["GMS-2016-48"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jmwe-jac4-5uaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11289?format=json","vulnerability_id":"VCID-uax8-wmy5-93hz","summary":"Bypass CSP protection\n, AngularJS allows bootstrapping of invalid/bad svg and currentScript if it was clobbered.","references":[{"reference_url":"https://github.com/angular/angular.js/blob/master/CHANGELOG.md#bug-fixes-5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/blob/master/CHANGELOG.md#bug-fixes-5"},{"reference_url":"https://github.com/angular/angular.js/commit/95f964b827b6f5b5aab10af54f7831316c7a9935","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/95f964b827b6f5b5aab10af54f7831316c7a9935"},{"reference_url":"https://github.com/angular/angular.js/commit/c8f78a8ca9debc33a6deaf951f344b8d372bf210","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/c8f78a8ca9debc33a6deaf951f344b8d372bf210"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52268?format=json","purl":"pkg:npm/angular@1.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7bqm-uvf4-3yad"},{"vulnerability":"VCID-udyf-r4mh-x7cu"},{"vulnerability":"VCID-z2pj-4dxf-3qag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.3"}],"aliases":["GMS-2017-110"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uax8-wmy5-93hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12128?format=json","vulnerability_id":"VCID-udyf-r4mh-x7cu","summary":"Cross Site Scripting\nOn Firefox there is a XSS vulnerability if a malicious attacker can write into the `xml:base` attribute on an SVG anchor.","references":[{"reference_url":"https://github.com/RetireJS/retire.js/commit/ed3512729af76583b28611a4a1b6a8797d7f074c#diff-8b52b7156debed9dd797400ff51e3e15","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/RetireJS/retire.js/commit/ed3512729af76583b28611a4a1b6a8797d7f074c#diff-8b52b7156debed9dd797400ff51e3e15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53966?format=json","purl":"pkg:npm/angular@1.6.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-z2pj-4dxf-3qag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.9"}],"aliases":["GMS-2018-9"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-udyf-r4mh-x7cu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13758?format=json","vulnerability_id":"VCID-vxcp-eaa7-nyab","summary":"Cross-Site Scripting via JSONP\nJSONP allows untrusted resource URLs, which provides a vector for attack by malicious actors.","references":[{"reference_url":"https://github.com/angular/angular.js/commit/6476af83cd0418c84e034a955b12a842794385c4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/commit/6476af83cd0418c84e034a955b12a842794385c4"},{"reference_url":"https://www.npmjs.com/advisories/1630","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1630"},{"reference_url":"https://github.com/advisories/GHSA-28hp-fgcr-2r4h","reference_id":"GHSA-28hp-fgcr-2r4h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-28hp-fgcr-2r4h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51897?format=json","purl":"pkg:npm/angular@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xrn-c2s9-puc4"},{"vulnerability":"VCID-7bqm-uvf4-3yad"},{"vulnerability":"VCID-uax8-wmy5-93hz"},{"vulnerability":"VCID-udyf-r4mh-x7cu"},{"vulnerability":"VCID-z2pj-4dxf-3qag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.0"}],"aliases":["GHSA-28hp-fgcr-2r4h","GMS-2019-114"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vxcp-eaa7-nyab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11040?format=json","vulnerability_id":"VCID-xqkp-4es6-4kam","summary":"Bypass CSP protection\nExtension URIs (`resource://...`) bypass ````Content-Security-Policy```` in Chrome and Firefox and can always be loaded. Now if a site already has a XSS bug, and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacked can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection.","references":[{"reference_url":"https://github.com/angular/angular.js/commit/0ff10e1b56c6b7c4ac465e35c96a5886e294bac5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/0ff10e1b56c6b7c4ac465e35c96a5886e294bac5"},{"reference_url":"https://github.com/angular/angular.js/commit/6ce2913d99bb0dade6027ba9733295d0aa13b242","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/6ce2913d99bb0dade6027ba9733295d0aa13b242"},{"reference_url":"https://github.com/angular/angular.js/commit/a649758655843275cc477fb638f8e55f72a4eaa6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/a649758655843275cc477fb638f8e55f72a4eaa6"},{"reference_url":"https://github.com/angular/angular.js/commit/ebe90051eda8a3328e5993cca1663e28d03113d0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/ebe90051eda8a3328e5993cca1663e28d03113d0"},{"reference_url":"https://github.com/mozilla/addons-linter/issues/1000","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mozilla/addons-linter/issues/1000"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51896?format=json","purl":"pkg:npm/angular@1.5.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xrn-c2s9-puc4"},{"vulnerability":"VCID-7bqm-uvf4-3yad"},{"vulnerability":"VCID-uax8-wmy5-93hz"},{"vulnerability":"VCID-udyf-r4mh-x7cu"},{"vulnerability":"VCID-vxcp-eaa7-nyab"},{"vulnerability":"VCID-z2pj-4dxf-3qag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.5.9"},{"url":"http://public2.vulnerablecode.io/api/packages/51898?format=json","purl":"pkg:npm/angular@1.6.0-rc.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xrn-c2s9-puc4"},{"vulnerability":"VCID-7bqm-uvf4-3yad"},{"vulnerability":"VCID-uax8-wmy5-93hz"},{"vulnerability":"VCID-udyf-r4mh-x7cu"},{"vulnerability":"VCID-vxcp-eaa7-nyab"},{"vulnerability":"VCID-z2pj-4dxf-3qag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.0-rc.1"},{"url":"http://public2.vulnerablecode.io/api/packages/51897?format=json","purl":"pkg:npm/angular@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xrn-c2s9-puc4"},{"vulnerability":"VCID-7bqm-uvf4-3yad"},{"vulnerability":"VCID-uax8-wmy5-93hz"},{"vulnerability":"VCID-udyf-r4mh-x7cu"},{"vulnerability":"VCID-z2pj-4dxf-3qag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.0"}],"aliases":["GMS-2016-73"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xqkp-4es6-4kam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/136893?format=json","vulnerability_id":"VCID-z2pj-4dxf-3qag","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10768","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61708","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10768"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3"},{"reference_url":"https://github.com/angular/angular.js/pull/16913","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/pull/16913"},{"reference_url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-534884","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-534884"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945249","reference_id":"945249","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945249"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10768","reference_id":"CVE-2019-10768","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10768"},{"reference_url":"https://github.com/advisories/GHSA-89mq-4x47-5v83","reference_id":"GHSA-89mq-4x47-5v83","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-89mq-4x47-5v83"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74405?format=json","purl":"pkg:npm/angular@1.7.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.7.9"}],"aliases":["CVE-2019-10768","GHSA-89mq-4x47-5v83"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z2pj-4dxf-3qag"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.2.21"}