WS-2021-0039 (Low) detected in core-11.0.5.tgz #58
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2021-0039 - Low Severity Vulnerability
Angular - the core framework
Library home page: https://registry.npmjs.org/@angular/core/-/core-11.0.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: 17139d51b72651c412ed2e75354cb71bc8574100
Found in base branch: master
Cross-Site Scripting (XSS) vulnerability was found in @angular/core before 11.1.1. HTML doesn't specify any way to escape comment end text inside the comment.
Publish Date: 2021-01-26
URL: WS-2021-0039
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2021-01-26
Fix Resolution: 11.1.1
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: