CVE-2021-4231
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
Angular vulnerable to Cross-site Scripting
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | @angular/core | >=11.0.0,<11.0.5 | 11.0.5 |
| npm | @angular/core | >=11.1.0-next.0,<11.1.0-next.3 | 11.1.0-next.3 |
| npm | @angular/core | <10.2.5 | 10.2.5 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-4231
- https://github.com/angular/angular/issues/40136
- https://github.com/angular/angular/commit/0aa220bc0000fc4d1651ec388975bbf5baa1da36
- https://github.com/angular/angular/commit/47d9b6d72dab9d60c96bc1c3604219f6385649ea
- https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09
- https://github.com/angular/angular
- https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902
- https://vuldb.com/?id.181356
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.