Candidate: CVE-2019-14863
PublicDate: 2020-01-02 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14863
 https://snyk.io/vuln/npm:angular:20150807
Description:
 There is a vulnerability in all angular versions before 1.5.0-beta.0, where
 after escaping the context of the web application, the web application
 delivers data to its users along with other trusted dynamic content,
 without validating it.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942833
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]


Patches_angular.js:
 upstream: https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a
upstream_angular.js: released (1.5.3-2)
precise/esm_angular.js: DNE
trusty_angular.js: ignored (out of standard support)
trusty/esm_angular.js: DNE
xenial_angular.js: ignored (end of standard support, was needed)
esm-infra/xenial_angular.js: needed
bionic_angular.js: not-affected (1.5.10-1)
disco_angular.js: not-affected (1.5.10-1)
eoan_angular.js: not-affected (1.5.10-1)
focal_angular.js: not-affected (1.5.10-1)
groovy_angular.js: not-affected (1.5.10-1)
hirsute_angular.js: not-affected (1.5.10-1)
impish_angular.js: not-affected (1.5.10-1)
jammy_angular.js: not-affected (1.5.10-1)
devel_angular.js: not-affected (1.5.10-1)