We found results for “”
WS-2016-0055
Date: July 21, 2016
"Angular is HTML enhanced for web apps.The sandbox (while not a security feature) is supposed to error on access to constructor properties. In its current state it is trivial to bypass.The expected behavior is that the sandbox would throw an 'Assigning to constructor is disallowed' error."
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Authentication Bypass by Assumed-Immutable Data
CWE-302CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | NONE |