CVE-2024-8372

Published Sep 9, 2024

Last updated 13 days ago

CVSS medium 4.8

Overview

Description: Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Source: 36c7be3b-2937-45df-85ea-ca7133ea542c
NVD status: Analyzed
CNA Tags: unsupported-when-assigned

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

36c7be3b-2937-45df-85ea-ca7133ea542c: CWE-1289
nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CD17573-36D8-455C-B1B3-FFE342951746",
            "versionEndIncluding": "1.8.3",
            "versionStartIncluding": "1.3.1"
          },
          {
            "criteria": "cpe:2.3:a:angularjs:angular.js:1.3.0:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A5D6F17-EDC9-41C4-9C83-F18A09419A2B"
          },
          {
            "criteria": "cpe:2.3:a:angularjs:angular.js:1.3.0:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2940EF6-BE3C-4B5A-88D9-66346DD89179"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1"
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC"
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References