CVE-2020-7676

跨站脚本
影响
Angular JS
<1.8.0
AngularJS
未找到项目。
感叹号圆圈图标
补丁可用
HeroDevs 提供的 Never-Ending Support (NES) 版本已修复此漏洞。

复制步骤

This vulnerability can convert safe <option> tags that are surrounded by various other tags (particularly the <select> tag)  into unsafe ones, thereby opening the possibility of a Cross-Site Scripting (XSS) attack. The vulnerability is present in versions of the library prior to 1.8.0, specifically in the jqLite library.

解决问题

使用早于 1.8.0 版本 AngularJS 的客户应立即升级。

此修复包含一个破坏向后兼容性的更改,因此可以使用 UNSAFE_restoreLegacyJqLiteXHTMLReplacement 找到一个恢复旧行为的新方法。如果您选择使用这种向后兼容的方法作为临时措施,请计划尽快替换它。

学习与预防

Although there are many ways in which an XSS attack can occur that are within the developer’s control, in this case, the problem was in the method that was used to help sanitize the code. The original code used in the library was able to take already-sanitized code and turn it into unsanitized code. Sanitized, in this case, means that the code had already been “escaped.” Escaping is the process of converting risky characters such as < to safer versions (&lt;  in the case). Since it’s not possible to know the order in which various sanitization functions are executed, this improper transformation could have occurred last—thereby rendering the code insecure.

结论

1.8.0 中已修复了此漏洞,仍在使用 Angular 1.5 的 HeroDevs AngularJS 永无止境支持客户也可立即使用此漏洞。如果您希望获得支持以避免代价高昂的潜在攻击,请立即联系 HeroDevs [TODO:插入链接]。

 如果您希望获得 HeroDevs 永无止境的支持服务,请立即联系我们的销售团队

资源

NIST 2020-7676条目

漏洞详情
身份证
CVE-2020-7676
受影响的项目
Angular JS
受影响的版本
<1.8.0
出版日期
2020年6月8日
≈ 固定日期
2020年6月8日
固定在
严重性
中型
类别
跨站脚本