WS-2017-0120 High Severity Vulnerability detected by WhiteSource #3
Description
WS-2017-0120 - High Severity Vulnerability
Vulnerable Library - angular-1.2.12.min.js
AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.
path: /examples/guestbook/php-redis/index.html
Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.2.12/angular.min.js
Dependency Hierarchy:
- ❌ angular-1.2.12.min.js (Vulnerable Library)
Vulnerability Details
No proper sanitize of xlink:href attribute interoplation, thus vulnerable to Cross-site Scripting (XSS).
Publish Date: 2017-01-20
URL: WS-2017-0120
CVSS 2 Score Details (7.8)
Base Score Metrics not available
Suggested Fix
Type: Change files
Origin: angular/angular.js@f33ce17
Release Date: 2015-09-18
Fix Resolution: Replace or update the following files: compileSpec.js, compile.js
Step up your Open Source Security Game with WhiteSource here