Improper Validation of Unsafe Equivalence in Input

CVE-2024-8372

Severity Medium
Score 4.3/10

Summary

Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing. The issue affects versions 1.3.0-rc.4 through 1.8.3.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • NONE

CWE-1289 - Improper Validation of Unsafe Equivalence in Input

The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.
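
A `srcset` value holds several image candidates rather than a single URL, so a source restriction has to be applied to each candidate in its normalized form. The following is an added example, not AngularJS code and not a fix shipped for this CVE; the hosts, base URL and function names are assumptions made for illustration.

```javascript
// Added example: all names, hosts and the base URL below are constructed.
const BASE = 'https://app.example.com/';
const TRUSTED_ORIGINS = new Set([
  'https://app.example.com',
  'https://images.example.com',
]);

// Whole-string check, for contrast only (not AngularJS's code): it inspects
// the start of the attribute value and never looks at later candidates.
const naiveCheck = (value) =>
  /^(?:\/(?!\/)|https:\/\/images\.example\.com\/)/.test(value);

// Split a srcset value into candidate URLs, following the shape of the HTML
// parsing rules: a URL is a run of non-whitespace, descriptors run to a comma.
function parseSrcset(value) {
  const isWs = (c) => ' \t\n\f\r'.includes(c);
  const urls = [];
  let i = 0;
  while (i < value.length) {
    while (i < value.length && (isWs(value[i]) || value[i] === ',')) i++;
    if (i >= value.length) break;
    const start = i;
    while (i < value.length && !isWs(value[i])) i++;
    const token = value.slice(start, i);
    urls.push(token.replace(/,+$/, ''));
    if (token.endsWith(',')) continue; // candidate had no descriptors
    let inParens = false;
    while (i < value.length) {
      const c = value[i++];
      if (c === '(') inParens = true;
      else if (c === ')') inParens = false;
      else if (c === ',' && !inParens) break;
    }
  }
  return urls;
}

// Resolve every candidate to its canonical form, then compare origins, so
// that equivalent spellings (case, protocol-relative, relative) are all seen.
function isSafeSrcset(value) {
  const urls = parseSrcset(value);
  if (urls.length === 0) return false;
  return urls.every((u) => {
    let parsed;
    try { parsed = new URL(u, BASE); } catch { return false; }
    return parsed.protocol === 'https:' && TRUSTED_ORIGINS.has(parsed.origin);
  });
}
```

Rejecting the whole attribute when any candidate fails is the conservative choice, since the browser picks the candidate and the application cannot know in advance which one will be loaded.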

Advisory Timeline

  • Published