Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-mqm9-c95h-x2p6

GitHub Security Advisory

AngularJS allows attackers to bypass common image source restrictions

✓ GitHub Reviewed LOW Has CVE
View on GitHub

Advisory Details

Improper sanitization of the value of the `[srcset]` attribute in `<source>` HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .

This issue affects all versions of AngularJS.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

Affected Packages

npm angular
Affected versions: 0 (last affected: 1.8.3)

Related CVEs

CVE-2024-8373

Key Information

GHSA ID
GHSA-mqm9-c95h-x2p6
Published
September 9, 2024 3:30 PM
Last Modified
November 22, 2024 12:39 PM
CVSS Score
2.5 /10
Primary Ecosystem
npm
Primary Package
angular
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.