https://bugzilla.redhat.com/show_bug.cgi?id=2094052
Bug ID: 2094052
Summary: CVE-2021-4231 angular: XSS vulnerability
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team@redhat.com
Reporter: gsuckevi@redhat.com
CC: aileenc@redhat.com, amctagga@redhat.com, amurdaca@redhat.com, andrew.slice@redhat.com, aoconnor@redhat.com, asm@redhat.com, bniver@redhat.com, bodavis@redhat.com, branto@redhat.com, chazlett@redhat.com, danmick@gmail.com, david@gnsa.us, dbhole@redhat.com, decathorpe@gmail.com, deparker@redhat.com, dwd@fedoraproject.org, eduardo.ramalho@gmail.com, epel-packagers-sig@lists.fedoraproject.org, erack@redhat.com, fedora@zaniyah.org, flucifre@redhat.com, fmuellner@redhat.com, fzatlouk@redhat.com, gecko-bugs-nobody@fedoraproject.org, gmalinko@redhat.com, gmeno@redhat.com, go-sig@lists.fedoraproject.org, i@stingr.net, janstey@redhat.com, jcajka@cajka.dev, jhorak@redhat.com, jochrist@redhat.com, josef@toxicpanda.com, jwon@redhat.com, kai-engert-fedora@kuix.de, kanderso@redhat.com, kkeithle@redhat.com, klaas@demter.de, klember@redhat.com, lemenkov@gmail.com, loic@dachary.org, lvaleeva@redhat.com, madam@redhat.com, mbenjamin@redhat.com, mhackett@redhat.com, muagarwa@redhat.com, ngompa13@gmail.com, ocs-bugs@redhat.com, omajid@redhat.com, pdelbell@redhat.com, pjasicek@redhat.com, polkit-devel@redhat.com, ramkrsna@gmail.com, rhughes@redhat.com, rstrode@redhat.com, rwagner@redhat.com, sandmann@redhat.com, sostapov@redhat.com, steve@silug.org, stransky@redhat.com, thofmann@fedoraproject.org, tpopela@redhat.com, trpost@rocketmail.com, vereddy@redhat.com, zebob.m@gmail.com, zsvetlik@redhat.com
Blocks: 2094048
Target Milestone: ---
Classification: Other
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross-site scripting. It is possible to launch the attack remotely, but it might require authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.
References:
https://vuldb.com/?id.181356
https://github.com/angular/angular/issues/40136
https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902
https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e1...
amctagga@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends On|                            |2098286
Mudit Agarwal muagarwa@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends On|                            |2099464
amctagga@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends On|                            |2109317, 2109316
Sandipan Roy saroy@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends On|                            |2109382, 2109377, 2109380,
                   |                            |2109383, 2109381, 2109379,
                   |                            |2109378, 2109376, 2109385,
                   |                            |2109384, 2109375
Todd Cullum tcullum@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends On|                            |2109681
--- Doc Text *updated* by Avinash Hanwate ahanwate@redhat.com --- A flaw was found in the angular/core package. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in development, with SSR enabled.
--- Doc Text *updated* by RaTasha Tillery-Smith rtillery@redhat.com --- A flaw was found in the angular/core package. Affected versions of this package are vulnerable to Cross-site scripting (XSS) in development, with Server-side rendering (SSR) enabled.
--- Comment #18 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Ceph Storage 6.1
Via RHSA-2023:3623 https://access.redhat.com/errata/RHSA-2023:3623
errata-xmlrpc errata-xmlrpc@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Link ID|                            |Red Hat Product Errata
                   |                            |RHSA-2023:3623