NVD Listing: NVD - CVE-2023-26117

Bug Fixes 

• ng-srcset: Addresses a Content Spoofing vulnerability and failure to sanitize image URLs set by $compileProvider.imgSrcSanitizationWhitelist(). 
  This patch addresses the CVE-2024-8372 vulnerability, where users could bypass image source restrictions using ng-attr-srcset Angular attributes. 
  This patch addresses the CVE-2024-8373 vulnerability, where users could bypass image source restrictions in picture>source elements using the [srcset] attribute.
• ng-srcset: Addresses a ReDoS vulnerability in the ng-srcset directive. 
  This update enhances the performance of the ng-srcset directive and mitigates a high-severity risk associated with ReDoS (CVE-2024-21490).
• angular.copy(): Fixes a ReDoS issue in angular.copy() 
  This fix corrected the logic for copying RegExp in angular.copy and solved a high severity threat related to ReDoS (CVE-2023-26116)
• $resource: Fixes ReDoS issue with URLs that have trailing slashes 
  Addresses the ReDoS high severity vulnerability (CVE-2023-26117). This fix resolved the trailing slashes issue in $resource.
• input[url]: Fixed ReDoS issue in input URL 
  This fix addressed a high severity threat related to ReDoS and improves performance in URL_REGEXP (CVE-2023-26118)
• $sniffer: Updated sniffer logic to detect Firefox browser based on Modern Firefox user agent strings that include the substring like "Gecko" and sometimes "webkit" for compatibility. Earlier it used to return true even for webkit based browsers.
• SVG image elements: Addresses a Content Spoofing vulnerability related to SVG image elements. 
  This patch addresses the CVE-2025-0716 vulnerability, where attackers could bypass common image source restrictions through improper sanitization of the 'href' and 'xlink:href' attributes in '' SVG elements. 

NVD Listing:- NVD - CVE-2024-21490

ug Fixes 

• ng-srcset: Addresses a Content Spoofing vulnerability and failure to sanitize image URLs set by $compileProvider.imgSrcSanitizationWhitelist(). 
  This patch addresses the CVE-2024-8372 vulnerability, where users could bypass image source restrictions using ng-attr-srcset Angular attributes. 
  This patch addresses the CVE-2024-8373 vulnerability, where users could bypass image source restrictions in picture>source elements using the [srcset] attribute. 
• ng-srcset: Addresses a ReDoS vulnerability in the ng-srcset directive. 
  This update enhances the performance of the ng-srcset directive and mitigates a high-severity risk associated with ReDoS (CVE-2024-21490). 
• angular.copy(): Fixes a ReDoS issue in angular.copy() 
  This fix corrected the logic for copying RegExp in angular.copy and solved a high severity threat related to ReDoS (CVE-2023-26116) 
• $resource: Fixes ReDoS issue with URLs that have trailing slashes 
  Addresses the ReDoS high severity vulnerability (CVE-2023-26117). This fix resolved the trailing slashes issue in $resource. 
• input[url]: Fixed ReDoS issue in input URL 
  This fix addressed a high severity threat related to ReDoS and improves performance in URL_REGEXP (CVE-2023-26118) 
• $sniffer: Updated sniffer logic to detect Firefox browser based on Modern Firefox user agent strings that include the substring like "Gecko" and sometimes "webkit" for compatibility. Earlier it used to return true even for webkit based browsers. 
• SVG image elements: Addresses a Content Spoofing vulnerability related to SVG image elements. 
  This patch addresses the CVE-2025-0716 vulnerability, where attackers could bypass common image source restrictions through improper sanitization of the 'href' and 'xlink:href' attributes in '' SVG elements. 

NVD Listing: NVD - CVE-2023-26118

Bug Fixes 

• ng-srcset: Addresses a Content Spoofing vulnerability and failure to sanitize image URLs set by $compileProvider.imgSrcSanitizationWhitelist(). 
  This patch addresses the CVE-2024-8372 vulnerability, where users could bypass image source restrictions using ng-attr-srcset Angular attributes. 
  This patch addresses the CVE-2024-8373 vulnerability, where users could bypass image source restrictions in picture>source elements using the [srcset] attribute.
• ng-srcset: Addresses a ReDoS vulnerability in the ng-srcset directive. 
  This update enhances the performance of the ng-srcset directive and mitigates a high-severity risk associated with ReDoS (CVE-2024-21490).
• angular.copy(): Fixes a ReDoS issue in angular.copy() 
  This fix corrected the logic for copying RegExp in angular.copy and solved a high severity threat related to ReDoS (CVE-2023-26116)
• $resource: Fixes ReDoS issue with URLs that have trailing slashes 
  Addresses the ReDoS high severity vulnerability (CVE-2023-26117). This fix resolved the trailing slashes issue in $resource.
• input[url]: Fixed ReDoS issue in input URL 
  This fix addressed a high severity threat related to ReDoS and improves performance in URL_REGEXP (CVE-2023-26118)
• $sniffer: Updated sniffer logic to detect Firefox browser based on Modern Firefox user agent strings that include the substring like "Gecko" and sometimes "webkit" for compatibility. Earlier it used to return true even for webkit based browsers.
• SVG image elements: Addresses a Content Spoofing vulnerability related to SVG image elements. 
  This patch addresses the CVE-2025-0716 vulnerability, where attackers could bypass common image source restrictions through improper sanitization of the 'href' and 'xlink:href' attributes in '' SVG elements. 

NVD Listing :- 

Bug Fixes 

• ng-srcset: Addresses a Content Spoofing vulnerability and failure to sanitize image URLs set by $compileProvider.imgSrcSanitizationWhitelist(). 
  This patch addresses the CVE-2024-8372 vulnerability, where users could bypass image source restrictions using ng-attr-srcset Angular attributes. 
  This patch addresses the CVE-2024-8373 vulnerability, where users could bypass image source restrictions in picture>source elements using the [srcset] attribute.
• ng-srcset: Addresses a ReDoS vulnerability in the ng-srcset directive. 
  This update enhances the performance of the ng-srcset directive and mitigates a high-severity risk associated with ReDoS (CVE-2024-21490).
• angular.copy(): Fixes a ReDoS issue in angular.copy() 
  This fix corrected the logic for copying RegExp in angular.copy and solved a high severity threat related to ReDoS (CVE-2023-26116)
• $resource: Fixes ReDoS issue with URLs that have trailing slashes 
  Addresses the ReDoS high severity vulnerability (CVE-2023-26117). This fix resolved the trailing slashes issue in $resource.
• input[url]: Fixed ReDoS issue in input URL 
  This fix addressed a high severity threat related to ReDoS and improves performance in URL_REGEXP (CVE-2023-26118)
• $sniffer: Updated sniffer logic to detect Firefox browser based on Modern Firefox user agent strings that include the substring like "Gecko" and sometimes "webkit" for compatibility. Earlier it used to return true even for webkit based browsers.
• SVG image elements: Addresses a Content Spoofing vulnerability related to SVG image elements. 
  This patch addresses the CVE-2025-0716 vulnerability, where attackers could bypass common image source restrictions through improper sanitization of the 'href' and 'xlink:href' attributes in '' SVG elements. 

NVD Listing : NVD - CVE-2024-33665

Bug Fixes 

• translate directive: XSS vulnerability fix resolves CVE-2024-33665. 
• For missing translation IDs, use the escape strategy if no other is provided. Otherwise, apply the same strategy as for translation values. 
• Note about the sanitize and sce modes: For HTML injection, use reliable sanitization libraries like DOMPurify to avoid vulnerabilities similar to those in the AngularJS expression sandbox. 

NVD Listing: NVD - CVE-2025-0716

Bug Fixes  

• SVG image elements: This patch addresses a Content Spoofing vulnerability related to SVG image elements. 
  This patch addresses the CVE-2025-0716 vulnerability, where attackers could bypass common image source restrictions through improper sanitization of the href and xlink:href attributes in <image> SVG elements. 

NVD Listing: NVD - CVE-2024-21490

Bug Fixes  

• ng-srcset: Addressed a ReDoS vulnerability in the ng-srcset directive. 
• This update enhances the performance of the ng-srcset directive and mitigates a high-severity risk associated with ReDoS (CVE-2024-21490). 

NVD Listing: NVD - CVE-2025-0716

Bug Fixes    SVG image elements: This patch addresses a Content Spoofing vulnerability related to SVG image elements.  This patch addresses the CVE-2025-0716 vulnerability, where attackers could bypass common image source restrictions through improper san

NVD Listing: NVD - CVE-2023-26116

Bug Fixes 

• angular.copy(): Fixed ReDoS issue in angular.copy()  
• This fix corrected the logic for copying RegExp in angular.copy and solved a high severity threat related to ReDoS (CVE-2023-26116) 
• $resource: Fixed ReDoS issue with URLs that have trailing slashes  
• Addressed the ReDoS high severity vulnerability (CVE-2023-26117). This fix resolved the trailing slashes issue in $resource.  
• input[url]: Fixed ReDoS issue in input URL 
• This fix addressed a high severity threat related to ReDoS and improves performance in URL_REGEXP (CVE-2023-26118)