Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2017-0125
Good to know:
Date: June 8, 2014
It was possible to run arbitrary JS from inside angular expressions using the `Object.getOwnPropertyDescriptor` method since commit 4ab16aa
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Improper Control of Generation of Code ('Code Injection')
CWE-94Top Fix
Upgrade Version
Upgrade to version angular - 1.2.27;angular - v1.3.0-beta.1;angular - v1.2.17-build.100+sha.feb54d6;angular - v1.2.27-build.491+sha.07d6242;angular - v1.2.0-rc.1;angular - v1.0.7;angular - v1.2.30-build.604+sha.34e5623;org.webjars:angularjs:1.3.0-beta.2;org.webjars.bower:angular-1.1.6:1.4.0-beta.6
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | NONE |