CVE
CVE-2024-8373
| CVE ID |
CVE-2024-8373
|
|---|---|
| CVSS Score |
4.3
|
| Operating System | |
| Affected Versions | |
| Patched Versions |
1.6.15
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
NVD Listing : NVD - CVE-2024-8373
Bug Fixes
ng-srcset: Addresses a Content Spoofing vulnerability and failure to sanitise image URLs set by the $compileProvider.imgSrcSanitizationWhitelist().
This patch addresses the CVE-2024-8373 vulnerability, where users could bypass image source restrictions in picture>source elements using the [srcset] attribute.
Notes: The HTML element and the srcset attribute are not supported by IE, unless polyfill is used.