Incomplete Filtering of Special Elements
CVE-2024-8373
Summary
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing. This issue affects all versions of AngularJS.
- LOW
- NETWORK
- LOW
- UNCHANGED
- REQUIRED
- NONE
- NONE
- NONE
CWE-791 - Incomplete Filtering of Special Elements
The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
References
Advisory Timeline
- Published