CVE-2024-8373: AngularJS improper sanitization in '<source>' element
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing (https://owasp.org/www-community/attacks/ContentSpoofing).
This issue affects all versions of AngularJS.
Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information, see https://docs.angularjs.org/misc/version-support-status.
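With no upstream fix coming, an application can enforce its own image source restrictions on every candidate URL in a srcset value before that value is bound to a <source> element. The following is an added example, not AngularJS code or part of the advisory; the allow-list pattern, the host images.example.com, and the function names parseSrcset and safeSrcset are assumptions.

```javascript
// Added example; TRUSTED_IMAGE_URL is an assumed application policy (constructed host).
const TRUSTED_IMAGE_URL = /^https:\/\/images\.example\.com\//i;
const isWs = (c) => c === ' ' || c === '\t' || c === '\n' || c === '\f' || c === '\r';

// Tokenize srcset the way the HTML parsing rule does: a URL is a run of
// non-whitespace characters, so commas inside a URL (e.g. data: URIs) do not split it.
// Simplification: parentheses inside descriptors are not handled.
function parseSrcset(value) {
  const out = [];
  let i = 0;
  while (i < value.length) {
    while (i < value.length && (isWs(value[i]) || value[i] === ',')) i++;
    if (i >= value.length) break;
    let start = i;
    while (i < value.length && !isWs(value[i])) i++;
    let url = value.slice(start, i);
    let descriptor = '';
    if (url.endsWith(',')) {
      url = url.replace(/,+$/, '');            // a trailing comma ends the candidate
    } else {
      start = i;
      while (i < value.length && value[i] !== ',') i++;
      descriptor = value.slice(start, i).trim();
    }
    out.push({ url, descriptor });
  }
  return out;
}

// Return a rebuilt srcset only if EVERY candidate resolves to a trusted URL;
// otherwise return '' so nothing is bound (fail closed).
function safeSrcset(value, baseUrl) {
  const parts = [];
  for (const { url, descriptor } of parseSrcset(String(value))) {
    let href;
    try { href = new URL(url, baseUrl).href; } catch (e) { return ''; }
    if (!TRUSTED_IMAGE_URL.test(href)) return '';
    parts.push(descriptor ? `${href} ${descriptor}` : href);
  }
  return parts.join(', ');
}
```

The rebuilt value uses the resolved absolute URLs, so the string that is checked is the same string the browser receives.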
Frequently Asked Questions
What is the severity of CVE-2024-8373?
CVE-2024-8373 has been classified as a significant severity vulnerability due to its potential to allow content spoofing.
How do I fix CVE-2024-8373?
To fix CVE-2024-8373, update to AngularJS version 1.9.6 or later, which addresses the improper sanitization issue.
Who is affected by CVE-2024-8373?
CVE-2024-8373 affects AngularJS versions up to 1.8.3 and versions prior to 1.9.6.
What type of attack can CVE-2024-8373 facilitate?
CVE-2024-8373 can facilitate content spoofing attacks by bypassing image source restrictions.
Can CVE-2024-8373 affect my website's security?
Yes, if you are using an affected version of AngularJS, your website could be vulnerable to content spoofing due to CVE-2024-8373.