vulnerability

Debian: CVE-2024-8373: angular.js -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:N/I:P/A:P)	Sep 9, 2024	May 15, 2025	Jan 12, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:P)

Published

Sep 9, 2024

Added

May 15, 2025

Modified

Jan 12, 2026

Description

Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .

This issue affects all versions of AngularJS.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

Solutions

debian-upgrade-angular-jsno-fix-debian-deb-package

References

CVE-2024-8373
https://attackerkb.com/topics/CVE-2024-8373
CWE-791
DEBIAN-DLA-4242-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today