apk package
chainguard/solr-oci-compat
pkg:apk/chainguard/solr-oci-compat
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-26116 | Med | 5.3 | < 9.9.0-r3 | 9.9.0-r3 | Mar 30, 2023 | Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, whi | |
| CVE-2022-25869 | Med | 4.2 | < 9.8.1-r0 | 9.8.1-r0 | Jul 15, 2022 | All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements. | |
| CVE-2021-4231 | Low | 3.5 | < 9.7.0-r1 | 9.7.0-r1 | May 26, 2022 | A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. | |
| CVE-2022-25844 | Med | 5.3 | < 9.9.0-r3 | 9.9.0-r3 | May 1, 2022 | The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This p |
- affected < 9.9.0-r3fixed 9.9.0-r3
Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, whi
- affected < 9.8.1-r0fixed 9.8.1-r0
All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements.
- affected < 9.7.0-r1fixed 9.7.0-r1
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first.
- affected < 9.9.0-r3fixed 9.9.0-r3
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This p
Page 2 of 2