AngularJS Improper Sanitization Vulnerability in Source Elements Allowing Content Spoofing

A vulnerability exists in AngularJS due to improper sanitization of the 'srcset' attribute in '<source>' HTML elements. This flaw allows attackers to bypass standard image source restrictions, potentially leading to content spoofing. The issue affects all versions of AngularJS, which is no longer actively maintained. When exploited, this vulnerability could result in unauthorized addition or modification of data.

Impact

Exploitation of this vulnerability could allow for content spoofing, where an attacker injects misleading information that appears to come from a trusted source.

Reproduction

To reproduce this vulnerability, create an AngularJS application and configure the '$compileProvider' to only allow images from a specific domain. Then, use the 'ng-attr-srcset' directive on a '<source>' element to bypass the restriction and display an image from a disallowed domain. Alternatively, interpolation can be used to achieve the same effect.

Remediation

The AngularJS project is End-of-Life and will not receive updates. Users should migrate applications away from AngularJS or consider using a commercial support partner like HeroDevs for post-EOL security support.