Improper Validation of Unsafe Equivalence in Input
CVE-2024-8372
Summary
Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing. The issue affects versions 1.3.0-rc.4 through 1.8.3.
- LOW
- NETWORK
- LOW
- UNCHANGED
- REQUIRED
- NONE
- NONE
- NONE
CWE-1289 - Improper Validation of Unsafe Equivalence in Input
The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.
Advisory Timeline
- Published