Low severityNVD Advisory· Published Sep 9, 2024· Updated Nov 3, 2025
AngularJS improper sanitization in '<source>' element
CVE-2024-8373
Description
Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .
This issue affects all versions of AngularJS.
Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
angularnpm | <= 1.8.3 | — |
Affected products
6- osv-coords5 versionspkg:apk/chainguard/solrpkg:apk/chainguard/solr-oci-compatpkg:apk/wolfi/solrpkg:apk/wolfi/solr-oci-compatpkg:npm/angular
< 9.8.1-r0+ 4 more
- (no CPE)range: < 9.8.1-r0
- (no CPE)range: < 9.8.1-r0
- (no CPE)range: < 9.8.1-r0
- (no CPE)range: < 9.8.1-r0
- (no CPE)range: <= 1.8.3
- Google/AngularJSv5Range: >=0.0.0
Patches
Vulnerability mechanics
References
6- codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0bghsatechnical-descriptionexploitWEB
- github.com/advisories/GHSA-mqm9-c95h-x2p6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-8373ghsaADVISORY
- www.herodevs.com/vulnerability-directory/cve-2024-8373ghsathird-party-advisoryWEB
- lists.debian.org/debian-lts-announce/2025/07/msg00005.htmlghsaWEB
- security.netapp.com/advisory/ntap-20241122-0003ghsaWEB
News mentions
0No linked articles in our index yet.