View all Vulnerabilities

CVE-2024-33665

Cross-Site Scripting
Affects
Angular Translate
>=2.19.1
Patch Available
This Vulnerability has been fixed in the Never-Ending Support (NES) version offered by HeroDevs
View NES Solution

Steps To Reproduce:

The vulnerability can be triggered by injecting malicious code into input fields that are then processed by the translate directive. A proof of concept demonstrating this exploit is available on StackBlitz, showing how malicious scripts can be introduced into a system using angular-translate.

Addressing The Issue:

Despite angular-translate for AngularJS reaching its end-of-life, HeroDevs has stepped up to provide a critical patch to address this vulnerability. This patch ensures that input keys are properly sanitized, thus blocking the potential for XSS attacks through this vector.

HeroDevs clients paying for AngularJS Essentials Never-Ending Support received the fix for this issue in the latest NES version of angular-translate (angularjs-essentials@1.8.3-angular-translate-2.20.1). If you haven’t installed the latest version yet or need assistance, please contact our support team for help.

For all other Angular-translate users, please consider a speedy migration away from Angular-translate. Alternatively, please reach out to explore how easy it is to receive secure AngularJS updates from HeroDevs.

Learning And Prevention:

To further assist the community, HeroDevs offers detailed guidance on preventing similar vulnerabilities in the future. Key strategies include sanitizing data inputs, particularly those that interact with critical components like translation directives. We also recommended regularly reviewing and updating third-party libraries to catch and address potential security flaws before they can be exploited.

Conclusion:

CVE-2024-33665 serves as a reminder of the importance of maintaining and securing software, even after it has reached end-of-life. With proactive measures and community support, we can ensure a safer digital environment for all users.

If you are interested in receiving security, compliance, and compatibility support for AngularJS and supporting libraries, please contact us about Angular.

Stay secure and ensure your systems are updated with the latest patches from HeroDevs. For more insights and security updates, keep following our blog.

Resources:

Angular Translate NPM Package: npmjs.com/package/angular-translate

GitHub Repository: github.com/angular-translate/angular-translate

Security Issue Report: github.com/angular-translate/angular-translate/issues/1418

Vulnerability Details

ID
CVE-2024-33665
Libraries Affected
Angular Translate
Versions Affected
>=2.19.1
≈ Fix date
February 1, 2024
Fixed in
AngularJS NES
Severity
Medium
Category
Cross-Site Scripting

Sign up for alerts

Get alerted whenever a new vulnerability is fixed in the open source software we support.

Saving the day when your open source software is sunsetting
+1 877-586-1965
hello@herodevs.com
8850 S 700 E #2437
Sandy, UT 84070
Company
Home
Careers
Pricing
Partners
Pro Services
Contact
Products
All Products
Angular NES
jQuery NES
Drupal 7 NES
AngularJS NES
Vue 2 NES
Bootstrap NES
Nuxt NES
Spring NES
Protractor NES
Resources
Blog
Vulnerability Directory
Newsletters
Legal
Privacy Policy
Terms of Service
Socials
© 2024 herodevs.com  |  All Rights Reserved