- Description
- Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (undisclosed) payload, an attacker can achieve full arbitrary code execution on the system. The problem has been patched in version 1.4.3 of Angular Expressions. Two workarounds are available: either disable access to `__proto__` globally, or make sure to call the function with just one argument.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-94
Warning: A Proof-of-Concept exploit is now available for the critical (9.8) execution of arbitrary code vulnerability (CVE-2024-54152) affecting @Angular Expressions. #Patch #Patch #Patch
@CCBalert
3 Jan 2025
GitHub - math-x-io/CVE-2024-54152-poc https://t.co/f5xaGg6b7t
@akaclandestine
31 Dec 2024
CVE-2024-54152: Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. PoC https://t.co/5Ujvm6l7uY ht
@cyber_advising
30 Dec 2024
GitHub - math-x-io/CVE-2024-54152-poc - https://t.co/OLnP5DsSeN
@piedpiper1616
30 Dec 2024
🚨 A Critical Vulnerability Exists in Peerigon Angular Expressions (CVE-2024-54152). Please see the @ncsc_gov_ie advisory for more info: https://t.co/aqAMKaQu5Q
@ncsc_gov_ie
13 Dec 2024
CVE-2024-54152 Arbitrary Code Execution Vulnerability in Angular Expressions Pre-1.4.3 Angular Expressions is a module for Angular.JS that offers expressions. Before version 1.4.3, attackers could write harmful e... https://t.co/rb0uvUYFKw
@VulmonFeeds
10 Dec 2024
[CVE-2024-54152: CRITICAL] Vulnerability in Angular Expressions (pre-1.4.3) allowed attackers to execute arbitrary code. Ensure system security by updating to version 1.4.3 or implementing provided workarounds. #cybersecurity,#vulnerability https://t.co/BC3y2lK04p https://t.co/cX
@CveFindCom
10 Dec 2024
CVE-2024-54152 Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression… https://t.co/exCqTf6Rfy
@CVEnew
10 Dec 2024