CVE-2019-14863
published 2020-01-02CVE-2019-14863: There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| angular | angular | >= 0 < 1.5.0-beta.1 | 1.5.0-beta.1 |
| angularjs | angularjs | 1.0.0 – 1.4.14 | — |
| debian | angular.js | < angular.js 1.5.3-2 (bookworm) | angular.js 1.5.3-2 (bookworm) |
| red_hat | angular | — | — |
| redhat | decision_manager | — | — |
| redhat | process_automation | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM