Home > Vulnerability Database > WS-2016-0055

Mend.io Vulnerability Database

WS-2016-0055

Date: July 21, 2016

"Angular is HTML enhanced for web apps.The sandbox (while not a security feature) is supposed to error on access to constructor properties. In its current state it is trivial to bypass.The expected behavior is that the sandbox would throw an 'Assigning to constructor is disallowed' error."

Language: JS

Severity Score

7.4

Related Resources (3)

Url: https://github.com/angular/angular.js/commit/d7e31b5dc71253edb22190a5850034934e7b778a

Url: https://github.com/angular/angular.js/issues/14939

Url: https://www.mend.io/vulnerability-database/WS-2016-0055

Severity Score

7.4

Weakness Type (CWE)

Authentication Bypass by Assumed-Immutable Data

CWE-302

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2016-0055

Date: July 21, 2016

Language: JS

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?