GHSA-mhp6-pxh8-r675
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mhp6-pxh8-r675
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-mhp6-pxh8-r675/GHSA-mhp6-pxh8-r675.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-mhp6-pxh8-r675
- Aliases
-
- CVE-2020-7676
- SNYK-JS-ANGULAR-570058
- Published
- 2020-06-18T14:19:58Z
- Modified
- 2023-11-01T04:53:32.974963Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross site scripting in Angular
- Details
-
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping
<option>elements in<select>ones changes parsing behavior, leading to possibly unsanitizing code. - Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-06-18T14:09:41Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-7676
- https://github.com/angular/angular.js/pull/17028
- https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd
- https://github.com/angular/angular.js
- https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
- https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E
- https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
Affected packages
npm / angular
Package
- Name
- angular
- View open source insights on deps.dev
- Purl
- pkg:npm/angular