CVE-2021-4231: Cross site scripting in Angular

CVSS Score: 5.4 (CVSS 3.1)

Basic Information

EPSS Score: 0.78833%
Published: 5/27/2022
Updated: 10/10/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| @angular/core | npm | >= 11.1.0-next.0, <= 11.1.0-next.2 | 11.1.0-next.3 |
| @angular/core | npm | >= 11.0.0, < 11.0.5 | 11.0.5 |
| @angular/core | npm | < 10.2.5 | 10.2.5 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from improper escaping of comment text. The evidence from the commit diff and the CVE description:

  1. The escaping logic in dom.ts was completely rewritten: the original END_COMMENT regex was replaced with the COMMENT_DISALLOWED and COMMENT_DELIMITER patterns.
  2. Test cases were added or updated in security_spec.ts and dom_spec.ts to demonstrate XSS via various comment closure patterns.
  3. The CVE description explicitly names the 'handling of comments' as the attack vector.
  4. The patch focuses on surrounding < and > with zero-width spaces to prevent comment boundary injection.
  5. The original escapeCommentText function used a limited replacement pattern that left multiple XSS attack vectors unaddressed.
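
The difference between a limited comment escape and one that covers every sequence the HTML syntax forbids in comment text, as an added example that is not Angular's code or part of the original page. The function names, the single lookaround pattern, the model of the limited escape and the sample strings are assumptions of this example.

```javascript
// Added example, not Angular's source. Function names, patterns and sample
// strings are assumptions made for illustration.
const ZWSP = '\u200B'; // zero-width space

// HTML syntax rules for comment text: it must not start with ">" or "->",
// must not contain "<!--", "-->" or "--!>", and must not end with "<!-".
const DISALLOWED = /^>|^->|<!--|-->|--!>|<!-$/;

function isSafeCommentText(text) {
  return !DISALLOWED.test(text);
}

// Assumed model of a limited escape: only the literal "-->" is neutralised.
function escapeEndOnly(text) {
  return text.replace(/-->/g, `-${ZWSP}-${ZWSP}>`);
}

// Hardened model: wrap every "<" or ">" that takes part in a disallowed
// sequence in zero-width spaces; all other text is left untouched.
const RISKY_DELIMITER = /<(?=!--|!-$)|(?<=^|^-|--|--!)>/g;

function escapeCommentText(text) {
  return text.replace(RISKY_DELIMITER, (d) => ZWSP + d + ZWSP);
}

// Constructed inputs: two benign strings, then one per rule.
const SAMPLES = [
  'plain text', 'a < b > c', '>start', '->start',
  'a-->b', 'a--!>b', 'a<!--b', 'end<!-',
];

// Returns the samples that are still unsafe after applying escapeFn.
function audit(escapeFn) {
  return SAMPLES.filter((s) => !isSafeCommentText(escapeFn(s)));
}

console.log('limited escape leaves unsafe:', audit(escapeEndOnly));
console.log('hardened escape leaves unsafe:', audit(escapeCommentText));
```

Running `isSafeCommentText` over escaped output in a unit test gives a regression check that does not depend on how the escape itself is implemented.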
