AngularJS - Prototype Pollution Vulnerability under 1.7.9

Impact area

Security

Severity

High  

Affected element

ServiceNow

UI Script

Salesforce

Static Resource




Rule number

SN-JSL-003 (for ServiceNow)

SF-JSL-003 (for Salesforce)

Impact

Versions of AngularJS lower than 1.7.9 are vulnerable to Prototype Pollution attacks.

Remediation

Update angular.js to the latest version.
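To find which UI Scripts or Static Resources still need the update, the check below reads the version from the banner comment at the top of an angular.js copy and compares it with 1.7.9. It is an added example, not the rule's own implementation; the function names and sample file contents are constructed, and it assumes the library's banner comment has been left in place.

```javascript
// Added example: flag AngularJS copies older than the fixed release named by this rule.
const FIXED = [1, 7, 9]; // from the rule text: versions lower than 1.7.9 are affected

// Stock angular.js / angular.min.js builds open with a banner comment such as
// "@license AngularJS v1.7.8" (full build) or "AngularJS v1.7.8" (minified build).
const BANNER = /AngularJS v(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.+-]+)?/;

function parseAngularVersion(source) {
  // Only inspect the head of the file, so a version string quoted deep inside
  // unrelated code is not mistaken for the library banner.
  const m = BANNER.exec(source.slice(0, 512));
  if (!m) return null;
  return { parts: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: Boolean(m[4]) };
}

function isBelowFixed(version) {
  // Compare numerically, component by component (so 1.10.0 is newer than 1.7.9).
  for (let i = 0; i < 3; i++) {
    if (version.parts[i] !== FIXED[i]) return version.parts[i] < FIXED[i];
  }
  // Same numbers as the fixed release: a pre-release tag (e.g. 1.7.9-rc.0) sorts before it.
  return version.prerelease;
}

// Returns "vulnerable", "ok", or "unknown" (no banner found: needs manual review).
function classifyResource(source) {
  const v = parseAngularVersion(source);
  if (v === null) return "unknown";
  return isBelowFixed(v) ? "vulnerable" : "ok";
}

// Constructed sample inputs (not real file contents).
const samples = {
  "angular_1_7_8.js": "/**\n * @license AngularJS v1.7.8\n * License: MIT\n */\n(function(window){})(window);",
  "angular.min.js": "/*\n AngularJS v1.8.2\n License: MIT\n*/\n(function(C){})(window);",
  "bundle.js": "(function(){var a=1;})();",
};
for (const [name, src] of Object.entries(samples)) {
  console.log(name, "->", classifyResource(src));
}
```

Where the banner has been stripped by a bundler, the loaded library still reports its version at runtime as `angular.version.full`.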

Time to fix

30 min

References

This rule is linked to Common Weakness Enumeration: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection').




Last modified on Jul 20, 2020