billmcchesney1 / hadoop

Mirror of Apache Hadoop
Apache License 2.0

CVE-2020-7676 (Medium) detected in angular-1.6.10.tgz #125

Open mend-for-github-com[bot] opened 3 years ago

mend-for-github-com[bot] commented 3 years ago

CVE-2020-7676 - Medium Severity Vulnerability

Vulnerable Library - angular-1.6.10.tgz

HTML enhanced for web apps

Library home page: https://registry.npmjs.org/angular/-/angular-1.6.10.tgz

Path to dependency file: /hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-applications-catalog/hadoop-yarn-applications-catalog-webapp/package.json

Path to vulnerable library: /hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-applications-catalog/hadoop-yarn-applications-catalog-webapp/node_modules/angular/package.json

Dependency Hierarchy:
- :x: **angular-1.6.10.tgz** (Vulnerable Library)

Found in HEAD commit: 6dcd8400219941dcbd7fb0f6b980cc2c6a2a6b0a

Found in base branch: trunk

Vulnerability Details

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "