Vulnerability DatabaseCVE-2021-4231
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2021-4231
May 26, 2022
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.
Affected Packages
@angular/compiler-cli (NPM):
Affected version(s) >=4.0.0 <4.4.7-compiler-cli-4.4.8
Fix Suggestion:
Update to version 4.4.7-compiler-cli-4.4.8
@angular/platform-webworker-dynamic (NPM):
Affected version(s) >=5.0.0 <5.2.11-platform-webworker-dynamic-5.2.12
Fix Suggestion:
Update to version 5.2.11-platform-webworker-dynamic-5.2.12
@angular/compiler (NPM):
Affected version(s) >=6.0.0 <6.1.10-compiler-6.1.13
Fix Suggestion:
Update to version 6.1.10-compiler-6.1.13
@angular/compiler-cli (NPM):
Affected version(s) >=7.0.0 <7.2.15-compiler-cli-7.2.18
Fix Suggestion:
Update to version 7.2.15-compiler-cli-7.2.18
@angular/common (NPM):
Affected version(s) >=7.0.0 <7.2.15-common-7.2.18
Fix Suggestion:
Update to version 7.2.15-common-7.2.18
@angular/platform-browser-dynamic (NPM):
Affected version(s) >=7.0.0 <7.2.15-platform-browser-dynamic-7.2.18
Fix Suggestion:
Update to version 7.2.15-platform-browser-dynamic-7.2.18
@angular/compiler (NPM):
Affected version(s) >=8.0.0 <8.2.14-compiler-8.2.17
Fix Suggestion:
Update to version 8.2.14-compiler-8.2.17
@angular/platform-webworker-dynamic (NPM):
Affected version(s) >=8.0.0 <8.2.14-platform-webworker-dynamic-8.2.17
Fix Suggestion:
Update to version 8.2.14-platform-webworker-dynamic-8.2.17
@angular/router (NPM):
Affected version(s) >=4.0.0 <4.4.7-router-4.4.8
Fix Suggestion:
Update to version 4.4.7-router-4.4.8
@angular/compiler-cli (NPM):
Affected version(s) >=6.0.0 <6.1.10-compiler-cli-6.1.13
Fix Suggestion:
Update to version 6.1.10-compiler-cli-6.1.13
@angular/platform-webworker (NPM):
Affected version(s) >=5.0.0 <5.2.11-platform-webworker-5.2.12
Fix Suggestion:
Update to version 5.2.11-platform-webworker-5.2.12
@angular/animations (NPM):
Affected version(s) >=8.0.0 <8.2.14-animations-8.2.17
Fix Suggestion:
Update to version 8.2.14-animations-8.2.17
@angular/platform-webworker (NPM):
Affected version(s) >=4.0.0 <4.4.7-platform-webworker-4.4.8
Fix Suggestion:
Update to version 4.4.7-platform-webworker-4.4.8
@angular/platform-webworker-dynamic (NPM):
Affected version(s) >=7.0.0 <7.2.15-platform-webworker-dynamic-7.2.18
Fix Suggestion:
Update to version 7.2.15-platform-webworker-dynamic-7.2.18
@angular/core (NPM):
Affected version(s) >=8.0.0 <8.2.14-core-8.2.17
Fix Suggestion:
Update to version 8.2.14-core-8.2.17
@angular/service-worker (NPM):
Affected version(s) >=5.0.0 <5.2.11-service-worker-5.2.12
Fix Suggestion:
Update to version 5.2.11-service-worker-5.2.12
@angular/forms (NPM):
Affected version(s) >=6.0.0 <6.1.10-forms-6.1.13
Fix Suggestion:
Update to version 6.1.10-forms-6.1.13
@angular/compiler (NPM):
Affected version(s) >=5.0.0 <5.2.11-compiler-5.2.12
Fix Suggestion:
Update to version 5.2.11-compiler-5.2.12
@angular/compiler (NPM):
Affected version(s) >=9.0.0 <9.1.13-compiler-9.1.16
Fix Suggestion:
Update to version 9.1.13-compiler-9.1.16
@angular/platform-browser-dynamic (NPM):
Affected version(s) >=6.0.0 <6.1.10-platform-browser-dynamic-6.1.13
Fix Suggestion:
Update to version 6.1.10-platform-browser-dynamic-6.1.13
@angular/platform-server (NPM):
Affected version(s) >=9.0.0 <9.1.13-platform-server-9.1.16
Fix Suggestion:
Update to version 9.1.13-platform-server-9.1.16
@angular/core (NPM):
Affected version(s) >=5.0.0 <5.2.11-core-5.2.12
Fix Suggestion:
Update to version 5.2.11-core-5.2.12
zone.js (NPM):
Affected version(s)
Fix Suggestion:
Update to version 9.1.13-zone.js-9.1.16
@angular/animations (NPM):
Affected version(s) >=4.0.0 <4.4.7-animations-4.4.8
Fix Suggestion:
Update to version 4.4.7-animations-4.4.8
@angular/language-service (NPM):
Affected version(s) >=5.0.0 <5.2.11-language-service-5.2.12
Fix Suggestion:
Update to version 5.2.11-language-service-5.2.12
@angular/platform-webworker-dynamic (NPM):
Affected version(s) >=6.0.0 <6.1.10-platform-webworker-dynamic-6.1.13
Fix Suggestion:
Update to version 6.1.10-platform-webworker-dynamic-6.1.13
zone.js (NPM):
Affected version(s)
Fix Suggestion:
Update to version 8.2.14-zone.js-8.2.17
@angular/common (NPM):
Affected version(s) >=8.0.0 <8.2.14-common-8.2.17
Fix Suggestion:
Update to version 8.2.14-common-8.2.17
@angular/service-worker (NPM):
Affected version(s) >=9.0.0 <9.1.13-service-worker-9.1.16
Fix Suggestion:
Update to version 9.1.13-service-worker-9.1.16
@angular/core (NPM):
Affected version(s) >=7.0.0 <7.2.15-core-7.2.18
Fix Suggestion:
Update to version 7.2.15-core-7.2.18
@angular/platform-browser-dynamic (NPM):
Affected version(s) >=4.0.0 <4.4.7-platform-browser-dynamic-4.4.8
Fix Suggestion:
Update to version 4.4.7-platform-browser-dynamic-4.4.8
@angular/upgrade (NPM):
Affected version(s) >=8.0.0 <8.2.14-upgrade-8.2.17
Fix Suggestion:
Update to version 8.2.14-upgrade-8.2.17
@angular/platform-browser-dynamic (NPM):
Affected version(s) >=8.0.0 <8.2.14-platform-browser-dynamic-8.2.17
Fix Suggestion:
Update to version 8.2.14-platform-browser-dynamic-8.2.17
@angular/platform-browser-dynamic (NPM):
Affected version(s) >=9.0.0 <9.1.13-platform-browser-dynamic-9.1.16
Fix Suggestion:
Update to version 9.1.13-platform-browser-dynamic-9.1.16
@angular/compiler-cli (NPM):
Affected version(s) >=5.0.0 <5.2.11-compiler-cli-5.2.12
Fix Suggestion:
Update to version 5.2.11-compiler-cli-5.2.12
@angular/forms (NPM):
Affected version(s) >=9.0.0 <9.1.13-forms-9.1.16
Fix Suggestion:
Update to version 9.1.13-forms-9.1.16
@angular/http (NPM):
Affected version(s) >=4.0.0 <4.4.7-http-4.4.8
Fix Suggestion:
Update to version 4.4.7-http-4.4.8
@angular/service-worker (NPM):
Affected version(s) >=7.0.0 <7.2.15-service-worker-7.2.18
Fix Suggestion:
Update to version 7.2.15-service-worker-7.2.18
@angular/platform-webworker (NPM):
Affected version(s) >=6.0.0 <6.1.10-platform-webworker-6.1.13
Fix Suggestion:
Update to version 6.1.10-platform-webworker-6.1.13
@angular/upgrade (NPM):
Affected version(s) >=6.0.0 <6.1.10-upgrade-6.1.13
Fix Suggestion:
Update to version 6.1.10-upgrade-6.1.13
@angular/http (NPM):
Affected version(s)
Fix Suggestion:
Update to version 9.1.13-http-9.1.16
@angular/router (NPM):
Affected version(s) >=5.0.0 <5.2.11-router-5.2.12
Fix Suggestion:
Update to version 5.2.11-router-5.2.12
@angular/http (NPM):
Affected version(s) >=7.0.0 <7.2.15-http-7.2.18
Fix Suggestion:
Update to version 7.2.15-http-7.2.18
@angular/platform-webworker-dynamic (NPM):
Affected version(s) >=9.0.0 <9.1.13-platform-webworker-dynamic-9.1.16
Fix Suggestion:
Update to version 9.1.13-platform-webworker-dynamic-9.1.16
@angular/upgrade (NPM):
Affected version(s) >=4.0.0 <4.4.7-upgrade-4.4.8
Fix Suggestion:
Update to version 4.4.7-upgrade-4.4.8
@angular/animations (NPM):
Affected version(s) >=7.0.0 <7.2.15-animations-7.2.18
Fix Suggestion:
Update to version 7.2.15-animations-7.2.18
@angular/animations (NPM):
Affected version(s) >=9.0.0 <9.1.13-animations-9.1.16
Fix Suggestion:
Update to version 9.1.13-animations-9.1.16
@angular/common (NPM):
Affected version(s) >=6.0.0 <6.1.10-common-6.1.13
Fix Suggestion:
Update to version 6.1.10-common-6.1.13
@angular/platform-server (NPM):
Affected version(s) >=7.0.0 <7.2.15-platform-server-7.2.18
Fix Suggestion:
Update to version 7.2.15-platform-server-7.2.18
@angular/router (NPM):
Affected version(s) >=7.0.0 <7.2.15-router-7.2.18
Fix Suggestion:
Update to version 7.2.15-router-7.2.18
@angular/animations (NPM):
Affected version(s) >=6.0.0 <6.1.10-animations-6.1.13
Fix Suggestion:
Update to version 6.1.10-animations-6.1.13
@angular/platform-server (NPM):
Affected version(s) >=5.0.0 <5.2.11-platform-server-5.2.12
Fix Suggestion:
Update to version 5.2.11-platform-server-5.2.12
@angular/http (NPM):
Affected version(s) >=6.0.0 <6.1.10-http-6.1.13
Fix Suggestion:
Update to version 6.1.10-http-6.1.13
@angular/platform-browser (NPM):
Affected version(s) >=8.0.0 <8.2.14-platform-browser-8.2.17
Fix Suggestion:
Update to version 8.2.14-platform-browser-8.2.17
@angular/compiler (NPM):
Affected version(s) >=7.0.0 <7.2.15-compiler-7.2.18
Fix Suggestion:
Update to version 7.2.15-compiler-7.2.18
@angular/forms (NPM):
Affected version(s) >=4.0.0 <4.4.7-forms-4.4.8
Fix Suggestion:
Update to version 4.4.7-forms-4.4.8
@angular/platform-webworker (NPM):
Affected version(s) >=8.0.0 <8.2.14-platform-webworker-8.2.17
Fix Suggestion:
Update to version 8.2.14-platform-webworker-8.2.17
@angular/common (NPM):
Affected version(s) >=4.0.0 <4.4.7-common-4.4.8
Fix Suggestion:
Update to version 4.4.7-common-4.4.8
@angular/http (NPM):
Affected version(s)
Fix Suggestion:
Update to version 8.2.14-http-8.2.17
@angular/router (NPM):
Affected version(s) >=6.0.0 <6.1.10-router-6.1.13
Fix Suggestion:
Update to version 6.1.10-router-6.1.13
@angular/forms (NPM):
Affected version(s) >=8.0.0 <8.2.14-forms-8.2.17
Fix Suggestion:
Update to version 8.2.14-forms-8.2.17
@angular/compiler-cli (NPM):
Affected version(s) >=9.0.0 <9.1.13-compiler-cli-9.1.16
Fix Suggestion:
Update to version 9.1.13-compiler-cli-9.1.16
@angular/compiler (NPM):
Affected version(s) >=4.0.0 <4.4.7-compiler-4.4.8
Fix Suggestion:
Update to version 4.4.7-compiler-4.4.8
@angular/platform-browser-dynamic (NPM):
Affected version(s) >=5.0.0 <5.2.11-platform-browser-dynamic-5.2.12
Fix Suggestion:
Update to version 5.2.11-platform-browser-dynamic-5.2.12
@angular/platform-browser (NPM):
Affected version(s) >=5.0.0 <5.2.11-platform-browser-5.2.12
Fix Suggestion:
Update to version 5.2.11-platform-browser-5.2.12
@angular/forms (NPM):
Affected version(s) >=5.0.0 <5.2.11-forms-5.2.12
Fix Suggestion:
Update to version 5.2.11-forms-5.2.12
@angular/core (NPM):
Affected version(s) >=9.0.0 <9.1.13-core-9.1.16
Fix Suggestion:
Update to version 9.1.13-core-9.1.16
@angular/core (NPM):
Affected version(s) >=4.0.0 <4.4.7-core-4.4.8
Fix Suggestion:
Update to version 4.4.7-core-4.4.8
@angular/platform-webworker (NPM):
Affected version(s) >=9.0.0 <9.1.13-platform-webworker-9.1.16
Fix Suggestion:
Update to version 9.1.13-platform-webworker-9.1.16
@angular/common (NPM):
Affected version(s) >=9.0.0 <9.1.13-common-9.1.16
Fix Suggestion:
Update to version 9.1.13-common-9.1.16
@angular/platform-server (NPM):
Affected version(s) >=4.0.0 <4.4.7-platform-server-4.4.8
Fix Suggestion:
Update to version 4.4.7-platform-server-4.4.8
@angular/upgrade (NPM):
Affected version(s) >=9.0.0 <9.1.13-upgrade-9.1.16
Fix Suggestion:
Update to version 9.1.13-upgrade-9.1.16
@angular/platform-browser (NPM):
Affected version(s) >=6.0.0 <6.1.10-platform-browser-6.1.13
Fix Suggestion:
Update to version 6.1.10-platform-browser-6.1.13
@angular/router (NPM):
Affected version(s) >=9.0.0 <9.1.13-router-9.1.16
Fix Suggestion:
Update to version 9.1.13-router-9.1.16
@angular/upgrade (NPM):
Affected version(s) >=7.0.0 <7.2.15-upgrade-7.2.18
Fix Suggestion:
Update to version 7.2.15-upgrade-7.2.18
@angular/platform-server (NPM):
Affected version(s) >=6.0.0 <6.1.10-platform-server-6.1.13
Fix Suggestion:
Update to version 6.1.10-platform-server-6.1.13
@angular/common (NPM):
Affected version(s) >=5.0.0 <5.2.11-common-5.2.12
Fix Suggestion:
Update to version 5.2.11-common-5.2.12
@angular/platform-server (NPM):
Affected version(s) >=8.0.0 <8.2.14-platform-server-8.2.17
Fix Suggestion:
Update to version 8.2.14-platform-server-8.2.17
@angular/platform-browser (NPM):
Affected version(s) >=7.0.0 <7.2.15-platform-browser-7.2.18
Fix Suggestion:
Update to version 7.2.15-platform-browser-7.2.18
@angular/compiler-cli (NPM):
Affected version(s) >=8.0.0 <8.2.14-compiler-cli-8.2.17
Fix Suggestion:
Update to version 8.2.14-compiler-cli-8.2.17
@angular/platform-browser (NPM):
Affected version(s) >=9.0.0 <9.1.13-platform-browser-9.1.16
Fix Suggestion:
Update to version 9.1.13-platform-browser-9.1.16
@angular/service-worker (NPM):
Affected version(s) >=8.0.0 <8.2.14-service-worker-8.2.17
Fix Suggestion:
Update to version 8.2.14-service-worker-8.2.17
@angular/platform-webworker (NPM):
Affected version(s) >=7.0.0 <7.2.15-platform-webworker-7.2.18
Fix Suggestion:
Update to version 7.2.15-platform-webworker-7.2.18
@angular/animations (NPM):
Affected version(s) >=5.0.0 <5.2.11-animations-5.2.12
Fix Suggestion:
Update to version 5.2.11-animations-5.2.12
@angular/router (NPM):
Affected version(s) >=8.0.0 <8.2.14-router-8.2.17
Fix Suggestion:
Update to version 8.2.14-router-8.2.17
@angular/http (NPM):
Affected version(s) >=5.0.0 <5.2.11-http-5.2.12
Fix Suggestion:
Update to version 5.2.11-http-5.2.12
@angular/service-worker (NPM):
Affected version(s) >=6.0.0 <6.1.10-service-worker-6.1.13
Fix Suggestion:
Update to version 6.1.10-service-worker-6.1.13
@angular/forms (NPM):
Affected version(s) >=7.0.0 <7.2.15-forms-7.2.18
Fix Suggestion:
Update to version 7.2.15-forms-7.2.18
@angular/platform-browser (NPM):
Affected version(s) >=4.0.0 <4.4.7-platform-browser-4.4.8
Fix Suggestion:
Update to version 4.4.7-platform-browser-4.4.8
@angular/platform-webworker-dynamic (NPM):
Affected version(s) >=4.0.0 <4.4.7-platform-webworker-dynamic-4.4.8
Fix Suggestion:
Update to version 4.4.7-platform-webworker-dynamic-4.4.8
@angular/upgrade (NPM):
Affected version(s) >=5.0.0 <5.2.11-upgrade-5.2.12
Fix Suggestion:
Update to version 5.2.11-upgrade-5.2.12
@angular/core (NPM):
Affected version(s) >=6.0.0 <6.1.10-core-6.1.13
Fix Suggestion:
Update to version 6.1.10-core-6.1.13
Related Resources (8)
https://github.com/angular/angular/commit/47d9b6d72dab9d60c96bc1c3604219f6385649ea
https://github.com/angular/angular/commit/0aa220bc0000fc4d1651ec388975bbf5baa1da36
https://github.com/angular/angular/issues/40136
https://github.com/angular/angular
https://access.redhat.com/security/cve/CVE-2021-4231
https://nvd.nist.gov/vuln/detail/CVE-2021-4231
https://vuldb.com/?id.181356
https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
CVSS v2
Base Score:
3.5
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79
EPSS
Base Score:
1.34