
New angular vulnerability 8398878757 found. The tests need updating.


A new vulnerability was found in angular:

id: 8398878757
Cross Site Scripting (XSS) in JSONP
JSONP allows untrusted resource URLs, which provides a vector for attack by malicious actors.

Affected versions: <1.6.0-rc.0
References:
  * https://github.com/angular/angular.js/commit/6476af83cd0418c84e034a955b12a842794385c4
  * https://github.com/angular/angular.js/issues/11352
  * https://snyk.io/vuln/npm:angular:20150315

The tests should be updated to expect it.

Also the JUnit reports report the wrong failure count in the testsuite node, although this doesn’t seem to make a difference in Jenkins or anywhere. While I’m making a PR for the update anyways, I might as well fix it.

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 8 (8 by maintainers)

Top GitHub Comments

1 reaction
OSSIndex-Admin commented, May 4, 2017

I have a few test projects and am adding some test vulnerabilities. Anything in particular you think should be added? I am adding a variety of things to test:

  • Package with no vulnerabilities (reports no vulnerabilities)
  • Package with vulnerability in earlier version (reports no vulnerabilities in current version)
  • Package with vulnerability in later version (reports no vulnerabilities in current version)
  • Package with a vulnerability in:
    ◦ Exact version
    ◦ An unbounded “downward” range (<2.0.0)
    ◦ An unbounded “upward” range (>0.0.0)
    ◦ A bounded range (>1.0.0 <=2.0.0)
  • Package versions defined in package.json in a variety of Semantic version formats.
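Added example, not code from the original issue or from the project being discussed: a small semver comparator and range matcher in JavaScript that runs the test cases listed in the comment above, plus the real affected range from the issue body (<1.6.0-rc.0), so the prerelease ordering edge case (1.6.0-rc.0 versus 1.6.0) is covered. The range grammar (whitespace-separated comparators, a bare version meaning an exact match), the CASES table and the chosen installed versions are assumptions made for this example; caret and tilde ranges are deliberately out of scope.

```javascript
// Added example (not from the original issue or the scanner project under
// discussion). Decides whether an installed package version falls inside a
// vulnerability's affected range. Prerelease ordering follows the semver
// spec: 1.6.0-rc.0 < 1.6.0, numeric identifiers rank below alphanumeric ones.

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error('not a semver version: ' + v);
  return {
    main: [Number(m[1]), Number(m[2]), Number(m[3])],
    pre: m[4] ? m[4].split('.') : [], // build metadata (+...) is ignored for ordering
  };
}

// Compare two prerelease identifier lists; a release (empty list) outranks any prerelease.
function comparePre(a, b) {
  if (a.length === 0 && b.length === 0) return 0;
  if (a.length === 0) return 1;
  if (b.length === 0) return -1;
  const n = Math.min(a.length, b.length);
  for (let i = 0; i < n; i++) {
    const x = a[i], y = b[i];
    const xn = /^\d+$/.test(x), yn = /^\d+$/.test(y);
    if (xn && yn) { if (Number(x) !== Number(y)) return Number(x) < Number(y) ? -1 : 1; }
    else if (xn) return -1; // numeric < alphanumeric
    else if (yn) return 1;
    else if (x !== y) return x < y ? -1 : 1;
  }
  // A longer identifier list outranks a shorter prefix (1.0.0-alpha < 1.0.0-alpha.1).
  return a.length === b.length ? 0 : (a.length < b.length ? -1 : 1);
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.main[i] !== pb.main[i]) return pa.main[i] < pb.main[i] ? -1 : 1;
  }
  return comparePre(pa.pre, pb.pre);
}

// Assumed range grammar: a whitespace-separated conjunction of comparators
// such as ">1.0.0 <=2.0.0"; a bare version means exact match. Caret/tilde
// ranges are not supported here and will throw in parseVersion.
function satisfies(version, range) {
  const ops = { '<': c => c < 0, '<=': c => c <= 0, '>': c => c > 0, '>=': c => c >= 0, '=': c => c === 0 };
  return range.trim().split(/\s+/).every(term => {
    const m = /^(<=|>=|<|>|=)?(.+)$/.exec(term);
    return ops[m[1] || '='](compareVersions(version, m[2]));
  });
}

function isAffected(installed, affected) {
  return affected !== null && satisfies(installed, affected);
}

// Constructed test cases mirroring the list in the comment above. `installed`
// stands for the version read from package.json, `affected` for the range a
// vulnerability feed publishes (null = no known vulnerability).
const CASES = [
  { name: 'package with no vulnerabilities',        installed: '1.5.8',       affected: null,             expect: false },
  { name: 'vulnerability in an earlier version',    installed: '1.6.0',       affected: '<1.6.0-rc.0',    expect: false },
  { name: 'vulnerability in a later version',       installed: '1.5.8',       affected: '>=2.0.0',        expect: false },
  { name: 'exact version',                          installed: '1.5.8',       affected: '1.5.8',          expect: true },
  { name: 'unbounded downward range',               installed: '1.5.8',       affected: '<2.0.0',         expect: true },
  { name: 'unbounded upward range',                 installed: '1.5.8',       affected: '>0.0.0',         expect: true },
  { name: 'bounded range',                          installed: '1.5.8',       affected: '>1.0.0 <=2.0.0', expect: true },
  { name: 'rc itself is the first fixed version',   installed: '1.6.0-rc.0',  affected: '<1.6.0-rc.0',    expect: false },
  { name: 'earlier prerelease is still affected',   installed: '1.6.0-beta.1', affected: '<1.6.0-rc.0',   expect: true },
];

// Returns one {name, pass} record per case so a test runner can report failures.
function runCases() {
  return CASES.map(c => ({ name: c.name, pass: isAffected(c.installed, c.affected) === c.expect }));
}

for (const r of runCases()) console.log((r.pass ? 'PASS ' : 'FAIL ') + r.name);
```

The two prerelease cases are the ones a naive string or numeric comparison gets wrong: "1.6.0" sorts above "1.6.0-rc.0" only if the comparator knows that a release outranks its own prereleases, which is exactly what the "<1.6.0-rc.0" range in the issue body relies on.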
1 reaction
OSSIndex-Admin commented, Apr 27, 2017

Aw heck. I will use this as the driving force behind finally finishing #7, I’ll get some mock projects created and available shortly. Sorry 😐

That, and I will upgrade my Jenkins to run these tests properly.


