CVE-2024-8372 (GCVE-0-2024-8372)

Vulnerability from cvelistv5 – Published: 2024-09-09 14:46 – Updated: 2025-11-03 19:34 Unsupported When Assigned X_Open Source
VLAI?
Title
AngularJS improper sanitization in 'srcset' attribute
Summary
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Severity ?
4.8 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
CWE
  • CWE-1289 - Improper Validation of Unsafe Equivalence in Input
Assigner
References
Impacted products
Vendor Product Version
Google AngularJS Affected: >=1.3.0-rc.4 (semver)
Create a notification for this product.
Credits
George Kalpakas
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "angular.js",
            "vendor": "angularjs",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "1.3.0-rc.4",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8372",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T15:06:37.579433Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T15:07:26.780Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:34:58.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241122-0002/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://registry.npmjs.org",
          "defaultStatus": "unaffected",
          "packageName": "angular",
          "product": "AngularJS",
          "repo": "https://github.com/angular/angular.js",
          "vendor": "Google",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=1.3.0-rc.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "George Kalpakas"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper sanitization of the value of the \u0027\u003ctt\u003esrcset\u003c/tt\u003e\u0027 attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://owasp.org/www-community/attacks/Content_Spoofing\"\u003eContent Spoofing\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThis issue affects AngularJS versions 1.3.0-rc.4 and greater.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eNote:\u003c/b\u003e\u003cbr\u003eThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.angularjs.org/misc/version-support-status\"\u003ehere\u003c/a\u003e."
            }
          ],
          "value": "Improper sanitization of the value of the \u0027srcset\u0027 attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .\n\nThis issue affects AngularJS versions 1.3.0-rc.4 and greater.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status ."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        },
        {
          "capecId": "CAPEC-148",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-148 Content Spoofing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1289",
              "description": "CWE-1289: Improper Validation of Unsafe Equivalence in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T17:39:48.004Z",
        "orgId": "36c7be3b-2937-45df-85ea-ca7133ea542c",
        "shortName": "HeroDevs"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.herodevs.com/vulnerability-directory/cve-2024-8372"
        },
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "unsupported-when-assigned",
        "x_open-source"
      ],
      "title": "AngularJS improper sanitization in \u0027srcset\u0027 attribute",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36c7be3b-2937-45df-85ea-ca7133ea542c",
    "assignerShortName": "HeroDevs",
    "cveId": "CVE-2024-8372",
    "datePublished": "2024-09-09T14:46:03.134Z",
    "dateReserved": "2024-09-02T08:44:11.786Z",
    "dateUpdated": "2025-11-03T19:34:58.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.3.1\", \"versionEndExcluding\": \"1.9.6\", \"matchCriteriaId\": \"72B0E11B-AAD9-4A46-A358-D5751871C733\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:angularjs:angular.js:1.3.0:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A5D6F17-EDC9-41C4-9C83-F18A09419A2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:angularjs:angular.js:1.3.0:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2940EF6-BE3C-4B5A-88D9-66346DD89179\"}]}]}]",
      "cveTags": "[{\"sourceIdentifier\": \"36c7be3b-2937-45df-85ea-ca7133ea542c\", \"tags\": [\"unsupported-when-assigned\"]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper sanitization of the value of the \u0027[srcset]\u0027 attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .\\n\\nThis issue affects AngularJS versions 1.3.0-rc.4 and greater.\\n\\nNote:\\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .\"}, {\"lang\": \"es\", \"value\": \"La desinfecci\\u00f3n incorrecta del valor del atributo \u0027[srcset]\u0027 en AngularJS permite a los atacantes eludir las restricciones comunes de origen de im\\u00e1genes, lo que tambi\\u00e9n puede provocar una forma de suplantaci\\u00f3n de contenido https://owasp.org/www-community/attacks/Content_Spoofing . Este problema afecta a las versiones 1.3.0-rc.4 y posteriores de AngularJS. Nota: El proyecto AngularJS ha llegado al final de su vida \\u00fatil y no recibir\\u00e1 ninguna actualizaci\\u00f3n para solucionar este problema. Para obtener m\\u00e1s informaci\\u00f3n, consulte aqu\\u00ed https://docs.angularjs.org/misc/version-support-status .\"}]",
      "id": "CVE-2024-8372",
      "lastModified": "2024-11-22T12:15:19.807",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"36c7be3b-2937-45df-85ea-ca7133ea542c\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
      "published": "2024-09-09T15:15:12.560",
      "references": "[{\"url\": \"https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017\", \"source\": \"36c7be3b-2937-45df-85ea-ca7133ea542c\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.herodevs.com/vulnerability-directory/cve-2024-8372\", \"source\": \"36c7be3b-2937-45df-85ea-ca7133ea542c\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241122-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"36c7be3b-2937-45df-85ea-ca7133ea542c\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1289\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-8372\",\"sourceIdentifier\":\"36c7be3b-2937-45df-85ea-ca7133ea542c\",\"published\":\"2024-09-09T15:15:12.560\",\"lastModified\":\"2025-11-20T18:00:14.787\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"36c7be3b-2937-45df-85ea-ca7133ea542c\",\"tags\":[\"unsupported-when-assigned\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper sanitization of the value of the \u0027srcset\u0027 attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .\\n\\nThis issue affects AngularJS versions 1.3.0-rc.4 and greater.\\n\\nNote:\\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .\"},{\"lang\":\"es\",\"value\":\"La desinfecci\u00f3n incorrecta del valor del atributo \u0027[srcset]\u0027 en AngularJS permite a los atacantes eludir las restricciones comunes de origen de im\u00e1genes, lo que tambi\u00e9n puede provocar una forma de suplantaci\u00f3n de contenido https://owasp.org/www-community/attacks/Content_Spoofing . Este problema afecta a las versiones 1.3.0-rc.4 y posteriores de AngularJS. Nota: El proyecto AngularJS ha llegado al final de su vida \u00fatil y no recibir\u00e1 ninguna actualizaci\u00f3n para solucionar este problema. Para obtener m\u00e1s informaci\u00f3n, consulte aqu\u00ed https://docs.angularjs.org/misc/version-support-status .\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"36c7be3b-2937-45df-85ea-ca7133ea542c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"36c7be3b-2937-45df-85ea-ca7133ea542c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1289\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.3.1\",\"versionEndIncluding\":\"1.8.3\",\"matchCriteriaId\":\"56693676-5347-4C6D-9FF2-977DE554B1E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:angularjs:angularjs:1.3.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"803A1BC5-B392-4540-8B22-2E5D66A3293D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:angularjs:angularjs:1.3.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5995620-3E19-48EC-964E-7B0C4794CF85\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*\",\"matchCriteriaId\":\"E8F29E19-3A64-4426-A2AA-F169440267CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"}]}]}],\"references\":[{\"url\":\"https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017\",\"source\":\"36c7be3b-2937-45df-85ea-ca7133ea542c\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.herodevs.com/vulnerability-directory/cve-2024-8372\",\"source\":\"36c7be3b-2937-45df-85ea-ca7133ea542c\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241122-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20241122-0002/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-11-22T12:04:51.702Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-8372\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-09T15:06:37.579433Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:*\"], \"vendor\": \"angularjs\", \"product\": \"angular.js\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.3.0-rc.4\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-09T15:07:18.673Z\"}}], \"cna\": {\"tags\": [\"unsupported-when-assigned\", \"x_open-source\"], \"title\": \"AngularJS improper sanitization in \u0027srcset\u0027 attribute\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"George Kalpakas\"}], \"impacts\": [{\"capecId\": \"CAPEC-554\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-554 Functionality Bypass\"}]}, {\"capecId\": \"CAPEC-148\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-148 Content Spoofing\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/angular/angular.js\", \"vendor\": \"Google\", \"product\": \"AngularJS\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e=1.3.0-rc.4\", \"versionType\": \"semver\"}], \"packageName\": \"angular\", \"collectionURL\": \"https://registry.npmjs.org\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.herodevs.com/vulnerability-directory/cve-2024-8372\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017\", \"tags\": [\"technical-description\", \"exploit\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper sanitization of the value of the \u0027srcset\u0027 attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .\\n\\nThis issue affects AngularJS versions 1.3.0-rc.4 and greater.\\n\\nNote:\\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper sanitization of the value of the \u0027\u003ctt\u003esrcset\u003c/tt\u003e\u0027 attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://owasp.org/www-community/attacks/Content_Spoofing\\\"\u003eContent Spoofing\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003eThis issue affects AngularJS versions 1.3.0-rc.4 and greater.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eNote:\u003c/b\u003e\u003cbr\u003eThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://docs.angularjs.org/misc/version-support-status\\\"\u003ehere\u003c/a\u003e.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1289\", \"description\": \"CWE-1289: Improper Validation of Unsafe Equivalence in Input\"}]}], \"providerMetadata\": {\"orgId\": \"36c7be3b-2937-45df-85ea-ca7133ea542c\", \"shortName\": \"HeroDevs\", \"dateUpdated\": \"2025-05-28T17:39:48.004Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-8372\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-28T17:39:48.004Z\", \"dateReserved\": \"2024-09-02T08:44:11.786Z\", \"assignerOrgId\": \"36c7be3b-2937-45df-85ea-ca7133ea542c\", \"datePublished\": \"2024-09-09T14:46:03.134Z\", \"assignerShortName\": \"HeroDevs\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.