Description
angular.js prior to 1.8.0 allows cross-site scripting (XSS). The regex-based replacement applied to input HTML may turn sanitized code into unsanitized code. Wrapping <option> elements in <select> elements changes parsing behavior, which can lead to the code becoming unsanitized.
Recommendation
Update the angular package to the latest compatible version. Version details:
- Affected version(s): < 1.8.0
- Patched version(s): 1.8.0
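To find where an affected copy is installed, the following added example (not code from this advisory or from the AngularJS project) walks a parsed package-lock.json and flags every locked copy of the angular package below 1.8.0, including copies nested under other dependencies. The sample lockfile and its package names are constructed, and treating 1.8.0 pre-releases as affected is an assumption based on semver ordering.

```javascript
// Added example (not AngularJS project code): flag locked "angular" versions below 1.8.0.
const PATCHED = [1, 8, 0];

// Parse "1.7.9" or "1.8.0-rc.1"; returns null for anything that is not a plain version.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// true = affected, false = patched, null = cannot tell (git URL, tag, missing version).
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null;
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== PATCHED[i]) return p.nums[i] < PATCHED[i];
  }
  return p.pre; // assumption: 1.8.0-rc.N sorts before 1.8.0, so it counts as "< 1.8.0"
}

// Lockfile v2/v3 lists every copy in a flat "packages" map keyed by install path;
// lockfile v1 nests copies under "dependencies". Use one of the two to avoid duplicates.
function findAngular(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.split("node_modules/").pop() === "angular") hits.push({ path, version: meta.version });
    }
  } else {
    (function walk(deps, prefix) {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${prefix}${name}`;
        if (name === "angular") hits.push({ path, version: meta.version });
        walk(meta.dependencies, `${path} > `);
      }
    })(lock.dependencies, "");
  }
  return hits.map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfile; for a real project pass the parsed package-lock.json instead.
const SAMPLE_LOCK = {
  packages: {
    "node_modules/angular": { version: "1.7.9" },
    "node_modules/legacy-widget/node_modules/angular": { version: "1.8.0-rc.1" },
    "node_modules/admin-ui/node_modules/angular": { version: "1.8.0" },
    "node_modules/angular-sanitize": { version: "1.7.9" },
  },
};
console.log(findAngular(SAMPLE_LOCK));
```

Entries reported with affected set to null were not locked to a plain version number and need manual review.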
References
Related Issues
- angular Prototype Pollution vulnerability - CVE-2019-10768
- AngularJS allows attackers to bypass common image source restrictions - CVE-2024-8372
- angular vulnerable to super-linear runtime due to backtracking - CVE-2024-21490
- angular vulnerable to regular expression denial of service via the angular.copy() utility - CVE-2023-26116
Tags
- npm
- angular
Last updated on November 20, 2025