New subject: [Bug 2094052] CVE-2021-4231 angular: XSS vulnerability

Monday, 6 June 2022

https://bugzilla.redhat.com/show_bug.cgi?id=2094052

            Bug ID: 2094052
           Summary: CVE-2021-4231 angular: XSS vulnerability
           Product: Security Response
          Hardware: All
                OS: Linux
            Status: NEW
         Component: vulnerability
          Keywords: Security
          Severity: low
          Priority: low
          Assignee: security-response-team(a)redhat.com
          Reporter: gsuckevi(a)redhat.com
                CC: aileenc(a)redhat.com, amctagga(a)redhat.com,
                    amurdaca(a)redhat.com, andrew.slice(a)redhat.com,
                    aoconnor(a)redhat.com, asm(a)redhat.com,
                    bniver(a)redhat.com, bodavis(a)redhat.com,
                    branto(a)redhat.com, chazlett(a)redhat.com,
                    danmick(a)gmail.com, david(a)gnsa.us, dbhole(a)redhat.com,
                    decathorpe(a)gmail.com, deparker(a)redhat.com,
                    dwd(a)fedoraproject.org, eduardo.ramalho(a)gmail.com,
                    epel-packagers-sig(a)lists.fedoraproject.org,
                    erack(a)redhat.com, fedora(a)zaniyah.org,
                    flucifre(a)redhat.com, fmuellner(a)redhat.com,
                    fzatlouk(a)redhat.com,
                    gecko-bugs-nobody(a)fedoraproject.org,
                    gmalinko(a)redhat.com, gmeno(a)redhat.com,
                    go-sig(a)lists.fedoraproject.org, i(a)stingr.net,
                    janstey(a)redhat.com, jcajka(a)cajka.dev,
                    jhorak(a)redhat.com, jochrist(a)redhat.com,
                    josef(a)toxicpanda.com, jwon(a)redhat.com,
                    kai-engert-fedora(a)kuix.de, kanderso(a)redhat.com,
                    kkeithle(a)redhat.com, klaas(a)demter.de,
                    klember(a)redhat.com, lemenkov(a)gmail.com,
                    loic(a)dachary.org, lvaleeva(a)redhat.com,
                    madam(a)redhat.com, mbenjamin(a)redhat.com,
                    mhackett(a)redhat.com, muagarwa(a)redhat.com,
                    ngompa13(a)gmail.com, ocs-bugs(a)redhat.com,
                    omajid(a)redhat.com, pdelbell(a)redhat.com,
                    pjasicek(a)redhat.com, polkit-devel(a)redhat.com,
                    ramkrsna(a)gmail.com, rhughes(a)redhat.com,
                    rstrode(a)redhat.com, rwagner(a)redhat.com,
                    sandmann(a)redhat.com, sostapov(a)redhat.com,
                    steve(a)silug.org, stransky(a)redhat.com,
                    thofmann(a)fedoraproject.org, tpopela(a)redhat.com,
                    trpost(a)rocketmail.com, vereddy(a)redhat.com,
                    zebob.m(a)gmail.com, zsvetlik(a)redhat.com
            Blocks: 2094048
  Target Milestone: ---
    Classification: Other

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been
classified as problematic. Affected is the handling of comments. The
manipulation leads to cross site scripting. It is possible to launch the attack
remotely but it might require an authentication first. Upgrading to version
11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch
is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the
affected component.

References:
https://vuldb.com/?id.181356
https://github.com/angular/angular/issues/40136
https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902
https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b4...

-- 
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2094052

2024

2023

2022

2021

[Bug 2094052] New: CVE-2021-4231 angular: XSS vulnerability