Open mend-for-github-com[bot] opened 3 years ago
HTML enhanced for web apps
Library home page: https://registry.npmjs.org/angular/-/angular-1.6.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/angular/package.json
Dependency Hierarchy: - :x: **angular-1.6.1.tgz** (Vulnerable Library)
Found in HEAD commit: c977b86ccad42153837b2630ab4823d952449f3c
Found in base branch: master
On Firefox there is a XSS vulnerability in case a malicious attacker can write into the `xml:base` attribute on an SVG anchor.
Publish Date: 2018-01-06
URL: WS-2018-0015
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
Type: Upgrade version
Release Date: 2018-01-06
Fix Resolution: 1.6.9
WS-2018-0015 - Medium Severity Vulnerability
Vulnerable Library - angular-1.6.1.tgz
HTML enhanced for web apps
Library home page: https://registry.npmjs.org/angular/-/angular-1.6.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/angular/package.json
Dependency Hierarchy: - :x: **angular-1.6.1.tgz** (Vulnerable Library)
Found in HEAD commit: c977b86ccad42153837b2630ab4823d952449f3c
Found in base branch: master
Vulnerability Details
On Firefox there is a XSS vulnerability in case a malicious attacker can write into the `xml:base` attribute on an SVG anchor.
Publish Date: 2018-01-06
URL: WS-2018-0015
CVSS 3 Score Details (6.1)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2018-01-06
Fix Resolution: 1.6.9