{"containers":{"cna":{"affected":[{"product":"angular.js","vendor":"n/a","versions":[{"status":"affected","version":"All versions prior to 1.8.0"}]}],"descriptions":[{"lang":"en","value":"angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping \"<option>\" elements in \"<select>\" ones changes parsing behavior, leading to possibly unsanitizing code."}],"problemTypes":[{"descriptions":[{"description":"Cross-site Scripting","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-10-09T15:06:12.000Z","orgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","shortName":"snyk"},"references":[{"tags":["x_refsource_MISC"],"url":"https://github.com/angular/angular.js/pull/17028%2C"},{"tags":["x_refsource_MISC"],"url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-570058"},{"name":"[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201006 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] vivekratnavel opened a new pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201006 [jira] [Created] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] dineshchitlangia commented on a change in pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201007 [GitHub] [hadoop-ozone] vivekratnavel commented on pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201008 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-commits] 20201008 [hadoop-ozone] branch master updated: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (#1481)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201008 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201009 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"report@snyk.io","ID":"CVE-2020-7676","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"angular.js","version":{"version_data":[{"version_value":"All versions prior to 1.8.0"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping \"<option>\" elements in \"<select>\" ones changes parsing behavior, leading to possibly unsanitizing code."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Cross-site Scripting"}]}]},"references":{"reference_data":[{"name":"https://github.com/angular/angular.js/pull/17028,","refsource":"MISC","url":"https://github.com/angular/angular.js/pull/17028,"},{"name":"https://snyk.io/vuln/SNYK-JS-ANGULAR-570058","refsource":"MISC","url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-570058"},{"name":"[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201006 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] vivekratnavel opened a new pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201006 [jira] [Created] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] dineshchitlangia commented on a change in pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201007 [GitHub] [hadoop-ozone] vivekratnavel commented on pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201008 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-commits] 20201008 [hadoop-ozone] branch master updated: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (#1481)","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201008 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201009 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T09:41:01.655Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/angular/angular.js/pull/17028%2C"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-570058"},{"name":"[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201006 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] vivekratnavel opened a new pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201006 [jira] [Created] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201006 [GitHub] [hadoop-ozone] dineshchitlangia commented on a change in pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201007 [GitHub] [hadoop-ozone] vivekratnavel commented on pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201008 [jira] [Updated] (HDDS-4316) Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-commits] 20201008 [hadoop-ozone] branch master updated: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676 (#1481)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201008 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E"},{"name":"[hadoop-ozone-issues] 20201009 [GitHub] [hadoop-ozone] adoroszlai merged pull request #1481: HDDS-4316. Upgrade to angular 1.8.0 due to CVE-2020-7676","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E"}]}]},"cveMetadata":{"assignerOrgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","assignerShortName":"snyk","cveId":"CVE-2020-7676","datePublished":"2020-06-08T13:34:09.000Z","dateReserved":"2020-01-21T00:00:00.000Z","dateUpdated":"2024-08-04T09:41:01.655Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}