VYPR

Angular Expressions

by Peerigon

Source repositories

CVEs (4)

  • CVE-2026-44643CriMay 11, 2026
    risk 0.58cvss 10.0epss 0.00

    Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.

  • CVE-2024-54152CriDec 10, 2024
    risk 0.54cvss epss 0.02

    Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (undisclosed) payload, one…

  • CVE-2021-21277Feb 1, 2021
    risk 0.00cvss epss 0.03

    angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where…

  • CVE-2020-5219Jan 24, 2020
    risk 0.00cvss epss 0.02

    Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser…