GMS-2017-110: Bypass CSP protection

February 24, 2017

, AngularJS allows bootstrapping of invalid/bad svg and currentScript if it was clobbered.

References

github.com/angular/angular.js/blob/master/CHANGELOG.md
github.com/angular/angular.js/commit/95f964b827b6f5b5aab10af54f7831316c7a9935
github.com/angular/angular.js/commit/c8f78a8ca9debc33a6deaf951f344b8d372bf210

Detect and mitigate GMS-2017-110 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →