Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    cve (angular 1.5.8)

    Discuss
    security
    2
    2
    141
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Olgoonik-IT
      Olgoonik-IT last edited by girish

      Hello, I'm testing out Cloudron before I purchase for us and noted a couple CVE hits from the main install on a fresh install on the older version of angular being used. Is this accurate or a false positive? If accurate, can this be updated to 1.8?

      https://security.snyk.io/vuln/SNYK-JS-ANGULAR-572020

      1 Reply Last reply Reply Quote 0
      • nebulon
        nebulon Staff last edited by

        Indeed, we use that angular version 1.5.8 and can look into updating that. Generally though I am not sure how one would exploit this in the Cloudron use-case. So I don't think it makes much difference. The only user-content which is dynamic in that sense would be the footer, but if the admin sets a malicious footer, I guess the situation is already an issue.

        1 Reply Last reply Reply Quote 2
        • First post
          Last post
        Powered by NodeBB