AngularJS allows attackers to bypass common image source restrictions (GHSA-mqm9-c95h-x2p6)
- Severity:
- Low
Description
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .
This issue affects all versions of AngularJS.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.8.3
References
- GHSA-mqm9-c95h-x2p6
- codepen.io
- www.herodevs.com
- security.netapp.com
- lists.debian.org
- CVE-2024-8373
- CWE-791
- CAPEC-310
- OWASP 2021-A6
Related Issues
- Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint - CVE-2025-65019
- angular Prototype Pollution vulnerability - CVE-2019-10768
- AngularJS allows attackers to bypass common image source restrictions - CVE-2024-8372
- angular vulnerable to super-linear runtime due to backtracking - CVE-2024-21490
- Tags:
- npm
- angular
Anything's wrong? Let us know Last updated on November 03, 2025