GHSA-c75v-2vq8-878f

Source
https://github.com/advisories/GHSA-c75v-2vq8-878f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c75v-2vq8-878f/GHSA-c75v-2vq8-878f.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-c75v-2vq8-878f
Aliases
Related
Published
2022-05-27T00:01:08Z
Modified
2023-11-08T04:07:05.528192Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross site scripting in Angular
Details

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross-site scripting. It is possible to launch the attack remotely, but it might require authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to address this issue.

Database specific
{
    "nvd_published_at": "2022-05-26T14:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-02T18:58:52Z"
}
References

Affected packages

npm / @angular/core

Package

Name
@angular/core
Purl
pkg:npm/%40angular/core

Affected ranges

Type
SEMVER
Events
Introduced
11.0.0
Fixed
11.0.5

npm / @angular/core

Package

Name
@angular/core
Purl
pkg:npm/%40angular/core

Affected ranges

Type
SEMVER
Events
Introduced
11.1.0-next.0
Fixed
11.1.0-next.3

Database specific

{
    "last_known_affected_version_range": "<= 11.1.0-next.2"
}

npm / @angular/core

Package

Name
@angular/core
Purl
pkg:npm/%40angular/core

Affected ranges

Type
SEMVER
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
10.2.5