ManageIQ / manageiq-ui-classic

Classic UI of ManageIQ
Apache License 2.0

CVE-2020-7676 (Medium) detected in angular-1.6.10.tgz, angular-1.5.11.tgz #8043

Open mend-bolt-for-github[bot] opened 2 years ago

mend-bolt-for-github[bot] commented 2 years ago

CVE-2020-7676 - Medium Severity Vulnerability

Vulnerable Libraries - angular-1.6.10.tgz, angular-1.5.11.tgz

angular-1.6.10.tgz

HTML enhanced for web apps

Library home page: https://registry.npmjs.org/angular/-/angular-1.6.10.tgz

Path to dependency file: /package.json

Path to vulnerable library: /home/wss-scanner/.yarn/berry/cache/angular-npm-1.6.10-36c4afca0d-10.zip

Dependency Hierarchy:
- :x: **angular-1.6.10.tgz** (Vulnerable Library)

angular-1.5.11.tgz

HTML enhanced for web apps

Library home page: https://registry.npmjs.org/angular/-/angular-1.5.11.tgz

Path to dependency file: /package.json

Path to vulnerable library: /home/wss-scanner/.yarn/berry/cache/angular-npm-1.5.11-136e8acd47-10.zip

Dependency Hierarchy:
- angular-patternfly-3.26.0.tgz (Root Library)
  - :x: **angular-1.5.11.tgz** (Vulnerable Library)

Found in HEAD commit: d87706978173ac6516da5e83374518c21263b77b

Found in base branch: master

Vulnerability Details

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "