WS-2017-0113 (High) detected in angular-1.5.5.js, angular-1.5.3.js #4

mend-bolt-for-github · 2019-06-01T00:05:04Z

WS-2017-0113 - High Severity Vulnerability

Vulnerable Libraries - angular-1.5.5.js, angular-1.5.3.js

angular-1.5.5.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.5/angular.js

Path to dependency file: angular/aio/content/examples/upgrade-phonecat-2-hybrid/index.html

Path to vulnerable library: angular/aio/content/examples/upgrade-phonecat-2-hybrid/index.html,angular/aio/content/examples/upgrade-phonecat-1-typescript/app/index.html

Dependency Hierarchy:

❌ angular-1.5.5.js (Vulnerable Library)

angular-1.5.3.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.3/angular.js

Path to dependency file: angular/aio/content/examples/upgrade-module/src/index-ajs-to-a-providers.html

Path to vulnerable library: angular/aio/content/examples/upgrade-module/src/index-ajs-to-a-providers.html

Dependency Hierarchy:

❌ angular-1.5.3.js (Vulnerable Library)

Found in HEAD commit: 60bbbaa8d5e3212ed4a0369fe8947dd6d730293b

Vulnerability Details

angular.js is vulnerable to XSS. This happens since an attacker can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection.

Publish Date: 2016-11-02

URL: WS-2017-0113

CVSS 3 Score Details (8.6)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: angular/angular.js#15346

Release Date: 2016-11-02

Fix Resolution: angular - 1.6.0

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Jun 1, 2019

mend-bolt-for-github bot changed the title ~~WS-2017-0113 (Medium) detected in angular-1.5.5.js, angular-1.5.3.js~~ WS-2017-0113 (High) detected in angular-1.5.3.js, angular-1.5.5.js Oct 19, 2020

mend-bolt-for-github bot changed the title ~~WS-2017-0113 (High) detected in angular-1.5.3.js, angular-1.5.5.js~~ WS-2017-0113 (High) detected in angular-1.5.5.js, angular-1.5.3.js Nov 13, 2020

mend-bolt-for-github bot changed the title ~~WS-2017-0113 (High) detected in angular-1.5.5.js, angular-1.5.3.js~~ WS-2017-0113 (High) detected in angular-1.5.3.js, angular-1.5.5.js Nov 18, 2020

mend-bolt-for-github bot changed the title ~~WS-2017-0113 (High) detected in angular-1.5.3.js, angular-1.5.5.js~~ WS-2017-0113 (High) detected in angular-1.5.5.js, angular-1.5.3.js Nov 18, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2017-0113 (High) detected in angular-1.5.5.js, angular-1.5.3.js #4

WS-2017-0113 (High) detected in angular-1.5.5.js, angular-1.5.3.js #4

mend-bolt-for-github bot commented Jun 1, 2019 •

edited

Loading

WS-2017-0113 (High) detected in angular-1.5.5.js, angular-1.5.3.js #4

WS-2017-0113 (High) detected in angular-1.5.5.js, angular-1.5.3.js #4

Comments

mend-bolt-for-github bot commented Jun 1, 2019 • edited Loading

WS-2017-0113 - High Severity Vulnerability

mend-bolt-for-github bot commented Jun 1, 2019 •

edited

Loading