Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-67hr-2fv8-ykcj
Vulnerability ID VCID-67hr-2fv8-ykcj
Aliases CVE-2019-10768
GHSA-89mq-4x47-5v83
Summary angular Prototype Pollution vulnerability
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (6)
CWE-20 Improper Input Validation
CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10768.json
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2019-10768
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-89mq-4x47-5v83
cvssv3.1 7.5 https://github.com/angular/angular.js
generic_textual HIGH https://github.com/angular/angular.js
cvssv3.1 7.5 https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
generic_textual HIGH https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
cvssv3.1 7.5 https://github.com/angular/angular.js/pull/16913
generic_textual HIGH https://github.com/angular/angular.js/pull/16913
cvssv3.1 7.5 https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-10768
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2019-10768
cvssv3.1 7.5 https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
generic_textual HIGH https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10768.json
https://api.first.org/data/v1/epss?cve=CVE-2019-10768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10768
https://github.com/angular/angular.js
https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
https://github.com/angular/angular.js/pull/16913
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
1813309 https://bugzilla.redhat.com/show_bug.cgi?id=1813309
945249 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945249
CVE-2019-10768 https://nvd.nist.gov/vuln/detail/CVE-2019-10768
GHSA-89mq-4x47-5v83 https://github.com/advisories/GHSA-89mq-4x47-5v83
RHSA-2020:5568 https://access.redhat.com/errata/RHSA-2020:5568
RHSA-2021:0417 https://access.redhat.com/errata/RHSA-2021:0417
RHSA-2022:8849 https://access.redhat.com/errata/RHSA-2022:8849
RHSA-2022:8866 https://access.redhat.com/errata/RHSA-2022:8866
RHSA-2023:0274 https://access.redhat.com/errata/RHSA-2023:0274
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10768.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/angular/angular.js
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/angular/angular.js/pull/16913
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10768
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.61863
EPSS Score 0.00411
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:25:39.765829+00:00 GHSA Importer Import https://github.com/advisories/GHSA-89mq-4x47-5v83 38.6.0