WS-2018-0002 (Medium) detected in angular-1.2.30.tgz #90

mend-for-github-com · 2020-04-21T19:57:01Z

WS-2018-0002 - Medium Severity Vulnerability

Vulnerable Library - angular-1.2.30.tgz

HTML enhanced for web apps

Library home page: https://registry.npmjs.org/angular/-/angular-1.2.30.tgz

Path to dependency file: esri.github.io/package.json

Path to vulnerable library: esri.github.io/node_modules/angular/package.json

Dependency Hierarchy:

❌ angular-1.2.30.tgz (Vulnerable Library)

Found in HEAD commit: a4d59687db7452886288c3f1faa3a43e975f6ff8

Vulnerability Details

When rendering Angular templates with a server-side templating engine like ERB or Haml it is easy to introduce XSS vulnerabilities. These vulnerabilities are enabled by AngularJS evaluating user-provided strings containing interpolation symbols (default symbols are {{ and }}).

Publish Date: 2014-05-20

URL: WS-2018-0002

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: angular/angular.js@e3f78c1

Release Date: 2014-05-20

Fix Resolution: angular - 1.3.0

⛑️ Automatic Remediation is available for this issue

The text was updated successfully, but these errors were encountered:

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Apr 21, 2020

mend-for-github-com bot mentioned this issue Oct 9, 2020

Update dependency angular to v1.8.0 #125

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0002 (Medium) detected in angular-1.2.30.tgz #90

WS-2018-0002 (Medium) detected in angular-1.2.30.tgz #90

mend-for-github-com bot commented Apr 21, 2020 •

edited

Loading

WS-2018-0002 (Medium) detected in angular-1.2.30.tgz #90

WS-2018-0002 (Medium) detected in angular-1.2.30.tgz #90

Comments

mend-for-github-com bot commented Apr 21, 2020 • edited Loading

WS-2018-0002 - Medium Severity Vulnerability

mend-for-github-com bot commented Apr 21, 2020 •

edited

Loading