Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DevAudit] [audit] audit on 3/19/2017 11:51 PM #1

Open
allisterb opened this issue Mar 19, 2017 · 0 comments
Open

[DevAudit] [audit] audit on 3/19/2017 11:51 PM #1

allisterb opened this issue Mar 19, 2017 · 0 comments

Comments

@allisterb
Copy link
Owner

Package Source Audit Results

1 total vulnerability found in Bower package source audit.

[1/3] angular [VULNERABLE] 21 known vulnerabilities, 1 affecting installed package version(s): [^1.5.0]
--[1/1] Cross Site Scripting (XSS) when loaded from an extension
--Description: > Extension URIs (resource://...) bypass Content-Security-Policy in Chrome and Firefox and can always be loaded. Now if a site already has a XSS bug, and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacke[r] can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection.

-- github.com
--Affected versions: >=1.5.0 <1.5.9

[2/3] node-uuid 2 known vulnerabilities, 0 affecting installed package version(s).
[3/3] react 3 known vulnerabilities, 0 affecting installed package version(s).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant