CVE-2020-7676
- Source
- https://cve.org/CVERecord?id=CVE-2020-7676
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7676.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-7676
- Aliases
-
- GHSA-mhp6-pxh8-r675
- SNYK-JS-ANGULAR-570058
- Downstream
- Published
- 2020-06-08T14:15:13.133Z
- Modified
- 2026-05-30T16:10:59.968512Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
- References
-
- https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E
- https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E
- https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
- https://github.com/angular/angular.js/pull/17028%2C
Affected packages
Git / github.com/angular/angular.js
Affected ranges
- Type
- GIT
- Repo
- https://github.com/angular/angular.js
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "cpe": "cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "0" }, { "fixed": "1.8.0" } ], "source": "CPE_RANGE" }
Affected versions
g3-v1.*
g3-v1.0.0-rc2
g3-v1.0.0rc1
v0.*
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.9.0
v0.9.1
v0.9.10
v0.9.11
v0.9.12
v0.9.13
v0.9.14
v0.9.15
v0.9.16
v0.9.17
v0.9.18
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.9
v1.*
v1.0.0
v1.0.0rc1
v1.0.0rc10
v1.0.0rc11
v1.0.0rc12
v1.0.0rc2
v1.0.0rc3
v1.0.0rc4
v1.0.0rc5
v1.0.0rc6
v1.0.0rc7
v1.0.0rc8
v1.0.0rc9
v1.0.1
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.2.0
v1.2.0-rc.2
v1.2.0-rc.3
v1.2.0rc1
v1.2.1
v1.2.10
v1.2.11
v1.2.12
v1.2.13
v1.2.14
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.2.9
v1.3.0
v1.3.0-beta.1
v1.3.0-beta.10
v1.3.0-beta.11
v1.3.0-beta.12
v1.3.0-beta.13
v1.3.0-beta.14
v1.3.0-beta.15
v1.3.0-beta.16
v1.3.0-beta.17
v1.3.0-beta.18
v1.3.0-beta.19
v1.3.0-beta.2
v1.3.0-beta.3
v1.3.0-beta.4
v1.3.0-beta.5
v1.3.0-beta.6
v1.3.0-beta.7
v1.3.0-beta.8
v1.3.0-beta.9
v1.3.0-rc.0
v1.3.0-rc.1
v1.3.0-rc.2
v1.3.0-rc.3
v1.3.0-rc.4
v1.3.0-rc.5
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.4.0
v1.4.0-beta.0
v1.4.0-beta.1
v1.4.0-beta.2
v1.4.0-beta.3
v1.4.0-beta.4
v1.4.0-beta.5
v1.4.0-beta.6
v1.4.0-rc.0
v1.4.0-rc.1
v1.4.0-rc.2
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.5.0
v1.5.0-beta.0
v1.5.0-beta.1
v1.5.0-beta.2
v1.5.0-rc.0
v1.5.0-rc.1
v1.5.0-rc.2
v1.5.1
v1.6.0
v1.6.0-rc.0
v1.6.0-rc.1
v1.6.0-rc.2
v1.7.0
v1.7.0-rc.0