cve (angular 1.5.8)
-
Hello, I'm testing out Cloudron before I purchase for us and noted a couple CVE hits from the main install on a fresh install on the older version of angular being used. Is this accurate or a false positive? If accurate, can this be updated to 1.8?
-
Indeed, we use that angular version 1.5.8 and can look into updating that. Generally though I am not sure how one would exploit this in the Cloudron use-case. So I don't think it makes much difference. The only user-content which is dynamic in that sense would be the footer, but if the admin sets a malicious footer, I guess the situation is already an issue.
