forked from Stasonis/fitbit-api-example-java
-
Notifications
You must be signed in to change notification settings - Fork 0
Open
Labels
Mend: dependency security vulnerabilitySecurity vulnerability detected by WhiteSourceSecurity vulnerability detected by WhiteSource
Description
WS-2017-0119 - High Severity Vulnerability
Vulnerable Library - angularjs-1.4.3.jar
WebJar for AngularJS
Library home page: http://webjars.org
Path to dependency file: /pom.xml
Path to vulnerable library: /epository/org/webjars/angularjs/1.4.3/angularjs-1.4.3.jar
Dependency Hierarchy:
- ❌ angularjs-1.4.3.jar (Vulnerable Library)
Found in base branch: master
Vulnerability Details
All versions of Angular.js prior to 1.5.0-beta1 are vulnerable to click-hijacking.
This was caused by the svg support being turned on by default.
The svg support is now an opt-in. Applications that depend on this option can turn it back on but they should inform themselves on preventing the vulnerability while the option is turned on.
Publish Date: 2015-08-07
URL: WS-2017-0119
CVSS 3 Score Details (7.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
⛑️ Automatic Remediation is available for this issue
Metadata
Metadata
Assignees
Labels
Mend: dependency security vulnerabilitySecurity vulnerability detected by WhiteSourceSecurity vulnerability detected by WhiteSource