CVE-2020-7676: Cross-site Scripting

June 8, 2020 (updated October 9, 2020)

Angular suffers from a cross site scripting flaw. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping <option> in <select> tags changes parsing behavior, leading to possibly unsanitizing code.

References

nvd.nist.gov/vuln/detail/CVE-2020-7676

Detect and mitigate CVE-2020-7676 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →