cve (angular 1.5.8)
-
Hello, I'm testing out Cloudron before I purchase for us and noted a couple CVE hits from the main install on a fresh install on the older version of angular being used. Is this accurate or a false positive? If accurate, can this be updated to 1.8?
-
Indeed, we use that angular version 1.5.8 and can look into updating that. Generally though I am not sure how one would exploit this in the Cloudron use-case. So I don't think it makes much difference. The only user-content which is dynamic in that sense would be the footer, but if the admin sets a malicious footer, I guess the situation is already an issue.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login