Bug 2094052 (CVE-2021-4231) - CVE-2021-4231 angular: XSS vulnerability
Summary: CVE-2021-4231 angular: XSS vulnerability
Status: NEW
Alias: CVE-2021-4231
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Nobody
Depends On: 2098286 2109316 2109317 2109375 2109376 2109377 2109378 2109379 2109380 2109381 2109382 2109383 2109384 2109385 2109681
Blocks: 2094048
Reported: 2022-06-06 17:16 UTC by Guilherme de Almeida Suckevicz
Modified: 2025-03-01 08:28 UTC

Links:
Red Hat Product Errata RHSA-2023:3623 (Private: 0; Priority: None; Status: None; Summary: None; Last Updated: 2023-06-15 09:15:32 UTC)

Description Guilherme de Almeida Suckevicz 2022-06-06 17:16:24 UTC
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross-site scripting. It is possible to launch the attack remotely but it might require authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.

References:
https://vuldb.com/?id.181356
https://github.com/angular/angular/issues/40136
https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902
https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09

Comment 18 errata-xmlrpc 2023-06-15 09:15:28 UTC
This issue has been addressed in the following products:

  Red Hat Ceph Storage 6.1

Via RHSA-2023:3623 https://access.redhat.com/errata/RHSA-2023:3623

