Description
Improper sanitization of the value of the [srcset] attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing (https://owasp.org/www-community/attacks/Content_Spoofing).
This issue affects AngularJS versions 1.3.0-rc.4 and greater.
Recommendation
No fix is available yet. The following versions are affected:
- >= 1.3.0-rc.4, <= 1.8.3
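With no fixed release to upgrade to, an application can enforce its own image source restriction on a srcset value before binding it, checking every candidate URL rather than the string as a whole. The JavaScript below is an added example, not code from AngularJS or from this advisory; the allowlist, base URL and function names are assumptions.

```javascript
// Added example. The allowlist and base URL are assumptions, not values from the advisory.
const ALLOWED_IMAGE_ORIGINS = new Set(["https://app.example", "https://cdn.example"]);
const BASE_URL = "https://app.example/";
const WS = /[ \t\n\f\r]/;

// Extract every candidate URL from a srcset value. Per the HTML parsing rules a URL
// is a run of non-whitespace characters, so it may contain commas; only trailing
// commas, or a comma after the descriptors, end a candidate.
function srcsetUrls(value) {
  const urls = [];
  let i = 0;
  while (i < value.length) {
    while (i < value.length && (WS.test(value[i]) || value[i] === ",")) i++;
    if (i >= value.length) break;
    const start = i;
    while (i < value.length && !WS.test(value[i])) i++;
    let url = value.slice(start, i);
    if (url.endsWith(",")) {
      url = url.replace(/,+$/, ""); // candidate has no descriptors
    } else {
      let depth = 0; // skip descriptors up to the next comma outside parentheses
      for (; i < value.length; i++) {
        if (value[i] === "(") depth++;
        else if (value[i] === ")" && depth > 0) depth--;
        else if (value[i] === "," && depth === 0) break;
      }
    }
    urls.push(url);
  }
  return urls;
}

// Resolve one candidate against the page URL and check scheme and origin.
function isAllowedImageUrl(url) {
  try {
    const parsed = new URL(url, BASE_URL);
    return parsed.protocol === "https:" && ALLOWED_IMAGE_ORIGINS.has(parsed.origin);
  } catch {
    return false; // unparsable URLs are rejected
  }
}

// Return the candidates that fall outside the allowlist (empty array = acceptable).
function rejectedSrcsetCandidates(value) {
  return srcsetUrls(String(value)).filter((u) => !isAllowedImageUrl(u));
}
```

Bind the value only when `rejectedSrcsetCandidates` returns an empty array, and log the rejected candidates otherwise.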
References
- GHSA-m9gf-397r-hwpg
- codepen.io
- www.herodevs.com
- security.netapp.com
- lists.debian.org
- CVE-2024-8372
- CWE-1289
- CAPEC-310
- OWASP 2021-A6
Related Issues
- Angular vulnerable to Cross-site Scripting - CVE-2020-7676
- Redwood is vulnerable to account takeover via dbAuth "forgot-password - Vulnerability
- Follow Redirects improperly handles URLs in the url.parse() function - CVE-2023-26159
- Exposure of Sensitive Information to an Unauthorized Actor in nanoid - CVE-2021-23566
Tags
- npm
- angular
Last updated on November 03, 2025