apk package
wolfi/solr-oci-compat
pkg:apk/wolfi/solr-oci-compat
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-26117 | — | < 9.9.0-r3 | 9.9.0-r3 | Mar 30, 2023 | Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result i | ||
| CVE-2022-25869 | — | < 9.8.1-r0 | 9.8.1-r0 | Jul 15, 2022 | All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements. | ||
| CVE-2021-4231 | — | < 9.7.0-r1 | 9.7.0-r1 | May 26, 2022 | A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. | ||
| CVE-2022-25844 | — | < 9.9.0-r3 | 9.9.0-r3 | May 1, 2022 | The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This p |
- CVE-2023-26117Mar 30, 2023affected < 9.9.0-r3fixed 9.9.0-r3
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result i
- CVE-2022-25869Jul 15, 2022affected < 9.8.1-r0fixed 9.8.1-r0
All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements.
- CVE-2021-4231May 26, 2022affected < 9.7.0-r1fixed 9.7.0-r1
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first.
- CVE-2022-25844May 1, 2022affected < 9.9.0-r3fixed 9.9.0-r3
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This p
Page 2 of 2