search

turkdevops / play-with-docker

You know it, you use it, now it's time to improve it. PWD!.
http://play-with-docker.com
MIT License
0 stars 0 forks source link

CVE-2020-7676 (Medium) detected in angular-1.6.6.min.js, angular-1.5.5.min.js #10

Open mend-bolt-for-github[bot] opened 3 years ago

mend-bolt-for-github[bot] commented 3 years ago

CVE-2020-7676 - Medium Severity Vulnerability

Vulnerable Libraries - angular-1.6.6.min.js, angular-1.5.5.min.js

angular-1.6.6.min.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.6.6/angular.min.js

Path to dependency file: /handlers/www/k8s/landing.html

Path to vulnerable library: /handlers/www/k8s/landing.html

Dependency Hierarchy: - :x: **angular-1.6.6.min.js** (Vulnerable Library)

angular-1.5.5.min.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.5/angular.min.js

Path to dependency file: /handlers/www/bypass.html

Path to vulnerable library: /handlers/www/bypass.html,/handlers/www/default/index.html

Dependency Hierarchy: - :x: **angular-1.5.5.min.js** (Vulnerable Library)

Found in HEAD commit: b855cec5559a8daf1ed5e7e1c654fd5c4d5a3fa7

Found in base branch: master

Vulnerability Details

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "