@angular/core: @angular/core: Cross-Site Scripting (XSS) via dynamic component creation bypass
Summary
@angular/core: @angular/core: Cross-Site Scripting (XSS) via dynamic component creation bypass. Red Hat rates this moderate (CVSS 6.8). Weakness: CWE-791.
- < 22.0.0-rc
- < 21.2.15
- < 20.3.22
- < 19.2.23
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 22.0.0
- 21.2.15
- 20.3.22
- 19.2.23
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Users of applications built with @angular/core versions prior to 19.2.23, 20.3.22, 21.2.15, or 22.0.0-rc.2 should upgrade to the fixed versions. Applications that do not use the createComponent API with user-controlled host element parameters are not exploitable.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.