Since AngularJS reached End-of-Life (EOL) on December 31st, 2021 a number of CVEs have been publicly disclosed:
- CVE-2022-25869 - XLTS.dev discovered this vulnerability during our routine cross-browser End-To-End testing automation. We disclosed this Medium Severity CVE through Snyk. Prior to this CVE being published, XLTS.dev provided a fix in XLTS for AngularJS version 1.9.0 and 1.5.16. We then emailed our XLTS for AngularJS announcement lists about the release on May 25th, 2022 (for 1.9.0) and June 15th, 2022 (for 1.5.16).
- CVE-2022-25844 - XLTS.dev discovered this vulnerability during our routine scans and analysis. We disclosed this Medium Severity CVE through Snyk. Prior to this CVE being published, XLTS.dev provided a fix in XLTS for AngularJS version 1.8.8 and emailed our XLTS for AngularJS announcement list about the release on April 21st 2022.
For a full list of known vulnerabilities in AngularJS (including those impacting older versions of AngularJS), you can visit the AngularJS vulnerabilities page on Snyk.
Jul 18, 2022