CVE-2024-8373
CVSS V2 None
CVSS V3 None
Description
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing (https://owasp.org/www-community/attacks/Content_Spoofing).
This issue affects all versions of AngularJS.
Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information, see https://docs.angularjs.org/misc/version-support-status.
Overview
- CVE ID: CVE-2024-8373
- Assigner: HeroDevs
- Vulnerability Status: PUBLISHED
- Published Version: 2024-09-09T14:48:41.513Z
- Last Modified Date: 2024-09-09T15:16:49.287Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://www.herodevs.com/vulnerability-directory/cve-2024-8373 | third-party-advisory |
https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b | technical-description exploit |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-8373 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-09-10 13:02:40 | | | | Added to TrackCVE |