4.8 CVE-2024-8373

Exploit

Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
https://nvd.nist.gov/vuln/detail/CVE-2024-8373

References

36c7be3b-2937-45df-85ea-ca7133ea542c Exploit

https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b Exploit Third Party Advisory
https://www.herodevs.com/vulnerability-directory/cve-2024-8373 Exploit Third Party Advisory

af854a3a-2127-422b-91ae-364da2661108 Exploit

https://security.netapp.com/advisory/ntap-20241122-0003/

CPE

cpe	start	end
Configuration 1
cpe:2.3:a:angularjs:angular.js::::::::		< 1.9.6

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
https://www.herodevs.com/vulnerability-directory/cve-2024-8373

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee