rlennon / whitesource_bolt_demo

Using OS code from Portainer to represent a relatively large project. Whitesource Bolt is used to scan the repo.
0 stars 0 forks source link

CVE-2024-8372 (Medium) detected in angular-1.8.0.tgz #196

Open mend-bolt-for-github[bot] opened 2 months ago

mend-bolt-for-github[bot] commented 2 months ago

CVE-2024-8372 - Medium Severity Vulnerability

Vulnerable Library - angular-1.8.0.tgz

HTML enhanced for web apps

Library home page: https://registry.npmjs.org/angular/-/angular-1.8.0.tgz

Path to dependency file: /portainer-develop/portainer-develop/package.json

Path to vulnerable library: /portainer-develop/portainer-develop/node_modules/angular/package.json

Dependency Hierarchy: - :x: **angular-1.8.0.tgz** (Vulnerable Library)

Found in HEAD commit: ec9d972edb7fb1ea028782bd0f770272d89e0c60

Found in base branch: main

Vulnerability Details

Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

Publish Date: 2024-09-09

URL: CVE-2024-8372

CVSS 3 Score Details (4.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: Low - Availability Impact: Low

For more information on CVSS3 Scores, click here.


Step up your Open Source Security Game with Mend here