Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .
This issue affects all versions of AngularJS.
Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/8xxx/CVE-2024-8373.json",
"cwe_ids": [
"CWE-791"
],
"cna_assigner": "HeroDevs",
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": ">=0.0.0"
},
{
"last_affected": ">=0.0.0"
}
]
}
]
}{
"cpe": "cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.3"
}
]
}