CVE-2024-8373: AngularJS improper sanitization in '<source>' element
First published: Mon Sep 09 2024(Updated: )
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Credit: 36c7be3b-2937-45df-85ea-ca7133ea542c 36c7be3b-2937-45df-85ea-ca7133ea542c
| Affected Software | Affected Version | How to fix |
|---|---|---|
| npm/angular | <=1.8.3 | |
| AngularJS | <1.9.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2024-8373
- https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
- https://www.herodevs.com/vulnerability-directory/cve-2024-8373
- https://github.com/advisories/GHSA-mqm9-c95h-x2p6 (Advisory)
- https://security.netapp.com/advisory/ntap-20241122-0003
- https://security.netapp.com/advisory/ntap-20241122-0003/
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/description
- collector/github-advisory
- source/GitHub
- alias/GHSA-mqm9-c95h-x2p6
- alias/CVE-2024-8373
- agent/software-canonical-lookup
- agent/severity
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- collector/github-advisory-latest
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- package-manager/npm
- vendor/angularjs
- canonical/angularjs