You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
1 total vulnerability found in Bower package source audit.
[1/3] angular [VULNERABLE] 21 known vulnerabilities, 1 affecting installed package version(s): [^1.5.0]
--[1/1] Cross Site Scripting (XSS) when loaded from an extension
--Description: > Extension URIs (resource://...) bypass Content-Security-Policy in Chrome and Firefox and can always be loaded. Now if a site already has a XSS bug, and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacke[r] can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection.
Package Source Audit Results
1 total vulnerability found in Bower package source audit.
[1/3] angular [VULNERABLE] 21 known vulnerabilities, 1 affecting installed package version(s): [^1.5.0]
--[1/1] Cross Site Scripting (XSS) when loaded from an extension
--Description: > Extension URIs (
resource://...
) bypass Content-Security-Policy in Chrome and Firefox and can always be loaded. Now if a site already has a XSS bug, and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacke[r] can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection.[2/3] node-uuid 2 known vulnerabilities, 0 affecting installed package version(s).
[3/3] react 3 known vulnerabilities, 0 affecting installed package version(s).
The text was updated successfully, but these errors were encountered: