CVE-2024-8372: AngularJS improper sanitization in 'srcset' attribute

First published: Mon Sep 09 2024(Updated: )

Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

Credit: 36c7be3b-2937-45df-85ea-ca7133ea542c 36c7be3b-2937-45df-85ea-ca7133ea542c

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/weakness
• agent/title
• agent/type
• agent/first-publish-date
• agent/author
• agent/description
• agent/severity
• collector/epss-latest
• source/FIRST
• agent/epss
• collector/mitre-cve
• source/MITRE
• collector/github-advisory-latest
• source/GitHub
• alias/GHSA-m9gf-397r-hwpg
• alias/CVE-2024-8372
• agent/software-canonical-lookup
• agent/last-modified-date
• collector/github-advisory
• collector/nvd-api
• source/NVD
• agent/references
• agent/softwarecombine
• agent/tags
• agent/event
• collector/nvd-cve
• agent/trending
• package-manager/npm
• vendor/angularjs
• canonical/angularjs angular.js
• version/angularjs angular.js/1.3.1
• version/angularjs angular.js/1.3.0-rc4
• version/angularjs angular.js/1.3.0-rc5