CVE-2020-5219

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution.
Configurations

Configuration 1

cpe:2.3:a:peerigon:angular-expressions:*:*:*:*:*:node.js:*:*

Information

Published : 2020-01-24 04:15

Updated : 2020-01-31 08:50


NVD link : CVE-2020-5219

Mitre link : CVE-2020-5219

Products Affected
No products.
CWE