CAST Issue raised (CVE-2024-21490) #54807
Comments
Angular version 14 is no longer under support. Please see https://angular.io/guide/releases#actively-supported-versions
@alan-agius4 For the supported versions, is the mentioned issue fixed? They have mentioned that all versions above 1.3.0 would have this issue. If that's the case, updating the version wouldn't help us.
This issue has been automatically locked due to inactivity. Read more about our automatic conversation locking policy. This action has been performed automatically by a bot.
Which @angular/* package(s) are the source of the bug?
core
Is this a regression?
No
Description
We are facing an issue (CVE-2024-21490) on the CAST scanner report with a score of 7.5.
They had asked us to migrate to [@angular/core] as the countermeasure, but in our project we are already using "@angular/core": "^14.3.0". How do I resolve this?
Here is package.json for reference:
```json
"dependencies": {
  "@angular-builders/custom-webpack": "^14.1.0",
  "@angular/animations": "^14.3.0",
  "@angular/cdk": "^14.2.7",
  "@angular/common": "^14.3.0",
  "@angular/compiler": "^14.3.0",
  "@angular/core": "^14.3.0",
  "@angular/forms": "^14.3.0",
  "@angular/platform-browser": "^14.3.0",
  "@angular/platform-browser-dynamic": "^14.3.0",
  "@angular/router": "^14.3.0",
  "@hilit/hilit-util": "0.0.0-alpha.5",
  "@hilit/icon-style": "0.0.16",
  "@hilit/microfrontend-interaction": "0.0.0-alpha.1",
  "@hilit/tables": "0.0.0-alpha.25",
  "@kolkov/angular-editor": "^1.2.0",
  "@ngx-translate/core": "0.0.6",
  "@ngx-translate/http-loader": "^4.0.0",
  "@xmldom/xmldom": "0.8.7",
  "async": "^3.2.4",
  "chart.js": "^2.9.3",
  "crypto-js": "^4.1.1",
  "dexie": "^3.2.2",
  "diff": "^3.3.1",
  "express": "4.17.3",
  "follow-redirects": "1.15.2",
  "immer": "^9.0.15",
  "inline-worker": "^1.1.0",
  "jquery": "^3.6.1",
  "jsdom": "21.1.1",
  "json-schema": "0.4.0",
  "jspdf": "^2.3.1",
  "jspdf-autotable": "^3.5.25",
  "minimist": "^1.2.6",
  "moment": "^2.29.4",
  "moment-timezone": "^0.5.37",
  "ngx-extended-pdf-viewer": "^9.0.5",
  "ngx-owl-carousel-o": "^5.1.1",
  "optionator": "^0.9.1",
  "path-parse": "^1.0.7",
  "primeng": "^9.1.3",
  "qs": "^6.11.0",
  "rxjs": "~6.6.7",
  "single-spa-angular": "^7.1.0",
  "static-eval": "2.1.0",
  "tslib": "^2.0.0",
  "web-animations-js": "^2.3.2",
  "webpack-merge": "^5.9.0",
  "zone.js": "~0.11.4"
},
"devDependencies": {
  "@angular-devkit/build-angular": "^14.2.12",
  "@angular/cli": "^14.2.12",
  "@angular/compiler-cli": "^14.3.0",
  "@angular/language-service": "^14.3.0",
  "@types/jasmine": "~3.3.8",
  "@types/jasminewd2": "~2.0.10",
  "@types/node": "^12.11.1",
  "async": "^3.2.4",
  "codelyzer": "^5.1.2",
  "jasmine-core": "~3.5.0",
  "jasmine-spec-reporter": "~5.0.0",
  "karma": "~6.4.2",
  "karma-coverage": "^2.2.1",
  "karma-chrome-launcher": "~3.1.0",
  "karma-coverage-istanbul-reporter": "~3.0.2",
  "karma-jasmine": "~4.0.0",
  "karma-jasmine-html-reporter": "^1.5.0",
  "protractor": "~7.0.0",
  "ts-node": "~7.0.0",
  "tslint": "~6.1.0",
  "typescript": "~4.6.4",
  "webpack": "^5.88.2"
}
```
Please provide a link to a minimal reproduction of the bug
No response
Please provide the exception or error you saw
No response
Please provide the environment you discovered this bug in (run ng version)
No response
Anything else?
No response