Approved changes feed: RSS · Atom

cpe:2.3:a:angularjs:angular.js:1.3.0:rc4:*:*:*:*:*:*

part: a version: 1.3.0 update: rc4

VendorAngularjs (ce9cdb3e-306c-502b-94b8-440cef51b57f)
ProductAngular.Js (23858d2d-c389-5d53-ab6b-a2f7d7365c37)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:deb/debian/angular.js purl2cpe 2026-06-01 10:12:48.096322
pkg:deb/ubuntu/angular.js purl2cpe 2026-06-01 10:12:48.096323
pkg:github/angular/angular.js purl2cpe 2026-06-01 10:12:48.096324
pkg:nuget/AngularJS.Core purl2cpe 2026-06-01 10:12:48.096326
pkg:sourceforge/angularjs purl2cpe 2026-06-01 10:12:48.096327

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-8372 vulnerable 2026-06-08 07:00:24.400781 AngularJS improper sanitization in 'srcset' attribute
MEDIUM (4.8)
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Published: 2024-09-09T14:46:03.134Z
Updated: 2025-11-03T19:34:58.181Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.