Bug 2310871 (CVE-2024-8372)

Summary: CVE-2024-8372 angularjs: From NVD collector
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: asoldano, bbaranow, bdettelb, bmaxwell, boliveir, brian.stansberry, cdewolf, darran.lofthouse, dkreling, doconnor, dosoudil, drichtar, eglynn, fjuma, gmalinko, gotiwari, istudens, ivassile, iweiss, janstey, jcantril, jhorak, jjoyce, jkoops, jschluet, lchilton, lgao, lhh, lsvaty, mburns, mgarciac, mosmerov, msochure, msvehla, mvyas, nwallace, pdelbell, pdrozd, peholase, periklis, pesilva, pgrist, pjindal, pmackay, pskopek, rmartinc, rojacob, rowaters, rstancel, rstepani, sfeifer, smaestri, sthorger, teagle, tom.jenkinson, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in AngularJS. Improper sanitization of the srcset attribute may allow attackers to bypass common image source restrictions, allowing Content Spoofing.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2024-09-09 15:20:42 UTC 
Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .

This issue affects AngularJS versions 1.3.0-rc.4 and greater.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .