Security Advisories

CGA-w94m-xv5q-8x3h

Published

Last updated

https://images.chainguard.dev/security/CGA-w94m-xv5q-8x3h

Package

solr

Latest Update

Fixed

Fixed Version

9.7.0-r1

Aliases

CVE-2021-4231
GHSA-c75v-2vq8-878f

Severity

5.4

Medium

CVSS V3

Summary

Cross site scripting in Angular

Description

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-4231
https://github.com/advisories/GHSA-c75v-2vq8-878f
https://github.com/angular/angular/issues/40136
https://github.com/angular/angular/commit/0aa220bc0000fc4d1651ec388975bbf5baa1da36
https://github.com/angular/angular/commit/47d9b6d72dab9d60c96bc1c3604219f6385649ea
https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09
https://github.com/angular/angular
https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902
https://vuldb.com/?id.181356

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-w94m-xv5q-8x3h

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources