It has been reported that the 1.7.1 and 1.7.2 versions are not vulnerable. Therefore, these versions are still recommended as they have already been fixed. Angular versions 1.6.0 to 1.7.2 are vulnerable to an XSS (Cross-Site Scripting) issue via the injected value of the document.currentScript property. This can be exploited to run arbitrary JavaScript within the context of an authenticated user. The issue arises from the fact that the document.currentScript property is defined on any DOM node and not just the Window object as it normally would be. This means that if an application loads a malicious script from an untrusted source, it could be executed by the user, allowing for an XSS attack.

Solution

The affected versions of Angular have been fixed in the following release: 1.7.3.
If you are using one of the vulnerable versions, it is recommended to upgrade to the latest version.
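
An added example (not from the advisory or the AngularJS project): a dependency check that flags `angular` entries in an npm lockfile whose version falls in the 1.6.0 to 1.7.2 range named above, treating 1.7.3 as the fixed release. The lockfile contents and all function names are constructed for illustration.

```javascript
// Range taken from this advisory: affected 1.6.0 through 1.7.2, fixed in 1.7.3.
const AFFECTED_FROM = [1, 6, 0];
const FIXED_IN = [1, 7, 3];

// Compare two [major, minor, patch] triples: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns "affected", "not-affected" or "unknown" for a version string.
function classify(raw) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/
    .exec(String(raw).trim());
  if (!m) return "unknown"; // ranges, tags, git URLs: needs a human look
  const core = [Number(m[1]), Number(m[2]), Number(m[3])];
  const atBoundary =
    compare(core, AFFECTED_FROM) === 0 || compare(core, FIXED_IN) === 0;
  // A pre-release of a boundary version is not covered by the advisory text.
  if (m[4] && atBoundary) return "unknown";
  return compare(core, AFFECTED_FROM) >= 0 && compare(core, FIXED_IN) < 0
    ? "affected"
    : "not-affected";
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3) and
// report every top-level or nested copy of the "angular" package that needs action.
function findAffectedAngular(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/angular$/.test(path)) continue;
    const status = classify(meta.version);
    if (status !== "not-affected") findings.push({ path, version: meta.version, status });
  }
  return findings;
}

// Constructed sample: the app itself is on 1.7.3, a transitive copy is not.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/angular": { version: "1.7.3" },
    "node_modules/legacy-widget/node_modules/angular": { version: "1.6.9" },
    "node_modules/angular-route": { version: "1.6.9" },
  },
};
console.log(findAffectedAngular(SAMPLE_LOCK));
```

Nested copies matter here: upgrading the top-level dependency does not replace a vulnerable version pinned by another package.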

Summary

Angular versions 1.6.0 to 1.7.2 are vulnerable to an XSS (Cross-Site Scripting) issue via the injected value of the document.currentScript property. This can be exploited to run arbitrary JavaScript within the context of an authenticated user. The issue arises from the fact that the document.currentScript property is defined on any DOM node and not just the Window object as it normally would be. This means that if an application loads a malicious script from an untrusted source, it could be executed by the user, allowing for an XSS attack.

Timeline

Published on: 05/01/2022 16:15:00 UTC
Last modified on: 06/29/2022 19:15:00 UTC

References