CVE-2024-8372

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-8372
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8372.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-8372
Aliases
Downstream
Related
Published
2024-09-09T14:46:03.134Z
Modified
2026-05-01T04:26:35.129622Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
AngularJS improper sanitization in 'srcset' attribute
Details

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .

This issue affects AngularJS versions 1.3.0-rc.4 and greater.

Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

Database specific 
{
    "cna_assigner": "HeroDevs",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/8xxx/CVE-2024-8372.json",
    "cwe_ids": [
        "CWE-1289"
    ]
}
References

Affected packages

Git / github.com/angular/angular.js

Affected ranges

Type
GIT
Repo
https://github.com/angular/angular.js
Events
Introduced
ed6e91b31824b57a084b33b4fc7f869c8d5909be
Last affected
cf16b241e1c61c22a820ed8211bc2332ede88e62
Database specific 
{
    "versions": [
        {
            "introduced": "1.3.1"
        },
        {
            "last_affected": "1.8.3"
        }
    ]
}

Affected versions

v1.*
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.4.0
v1.4.0-beta.0
v1.4.0-beta.1
v1.4.0-beta.2
v1.4.0-beta.3
v1.4.0-beta.4
v1.4.0-beta.5
v1.4.0-beta.6
v1.4.0-rc.0
v1.4.0-rc.1
v1.4.0-rc.2
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.5.0
v1.5.0-beta.0
v1.5.0-beta.1
v1.5.0-beta.2
v1.5.0-rc.0
v1.5.0-rc.1
v1.5.0-rc.2
v1.5.1
v1.6.0
v1.6.0-rc.0
v1.6.0-rc.1
v1.6.0-rc.2
v1.7.0
v1.7.0-rc.0
v1.8.0
v1.8.3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8372.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.3.0-rc4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.3.0-rc5"
            }
        ]
    }
]