You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to vulnerable library: /epository/org/webjars/angularjs/1.4.3/angularjs-1.4.3.jar
Dependency Hierarchy:
❌ angularjs-1.4.3.jar (Vulnerable Library)
Found in base branch: master
Vulnerability Details
All versions of Angular.js prior to 1.5.0-beta1 are vulnerable to click-hijacking.
This was caused by the svg support being turned on by default.
The svg support is now an opt-in. Applications that depend on this option can turn it back on but they should inform themselves on preventing the vulnerability while the option is turned on.
WS-2017-0119 - High Severity Vulnerability
Vulnerable Library - angularjs-1.4.3.jar
WebJar for AngularJS
Library home page: http://webjars.org
Path to dependency file: /pom.xml
Path to vulnerable library: /epository/org/webjars/angularjs/1.4.3/angularjs-1.4.3.jar
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
All versions of Angular.js prior to 1.5.0-beta1 are vulnerable to click-hijacking.
This was caused by the svg support being turned on by default.
The svg support is now an opt-in. Applications that depend on this option can turn it back on but they should inform themselves on preventing the vulnerability while the option is turned on.
Publish Date: 2015-08-07
URL: WS-2017-0119
CVSS 3 Score Details (7.4)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2015-08-07
Fix Resolution: 1.5.0-rc.0
⛑️ Automatic Remediation is available for this issue
The text was updated successfully, but these errors were encountered: