CVE-2024-8373
CVE-2024-8373
Título es
CVE-2024-8373
Lun, 09/09/2024 – 15:15
Tipo
CWE-791
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-8373
Descripción en
Improper sanitization of the value of the '[srcset]' attribute in '' HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .
This issue affects all versions of AngularJS.
Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
09/09/2024
09/09/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Gravedad 3.1 (CVSS 3.1 Base Score)
4.80
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM
Referencias
Enviar en el boletín
Off
