cbcvebase.

Peerigon Angular-Expressions vulnerabilities

4 known vulnerabilities affecting peerigon/angular-expressions.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2

Vulnerabilities

Page 1 of 1
CVE-2026-44643P2CRITICALCVSS 10.0fixed in 1.5.22026-05-11
CVE-2026-44643 [CRITICAL] CWE-95 CVE-2026-44643: Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Pr Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.
ghsanvd
CVE-2024-54152P2CRITICALCVSS 9.3fixed in 1.4.32024-12-10
CVE-2024-54152 [CRITICAL] CWE-94 CVE-2024-54152: Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Pr Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (undisclosed) payload, one can get full access to Arbitrary code execution on the system. The pro
ghsanvdosv
CVE-2021-21277P3HIGHCVSS 8.8fixed in 1.1.22021-02-01
CVE-2021-21277 [HIGH] CWE-74 CVE-2021-21277: angular-expressions is "angular's nicest part extracted as a standalone module for the browser and n angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is text that comes from user input. The security of the packa
ghsanvdosv
CVE-2020-5219P3HIGHCVSS 8.8fixed in 1.0.12020-01-24
CVE-2020-5219 [HIGH] CWE-74 CVE-2020-5219: Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expre Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInpu
ghsanvdosv
Peerigon Angular-Expressions vulnerabilities | cvebase