
Affected by CVE-2024-21490 due to Angular Javascript inside ACS AEM Commons

Open henrykuijpers opened this issue 11 months ago • 3 comments

https://nvd.nist.gov/vuln/detail/CVE-2024-21490

"This package is EOL and will not receive any updates to address this issue. Users should migrate to @angular/core."

I propose to either upgrade to the newest AngularJS, or simply remove it.

henrykuijpers, Mar 18 '24 14:03

There are already lots of issues regarding outdated angular: https://github.com/Adobe-Consulting-Services/acs-aem-commons/issues?q=is%3Aissue+angular+is%3Aopen. Please rather comment on existing ones.

kwin, Mar 18 '24 15:03

Yes, I saw that, but this is another new vulnerability with a score of 7.5. It needs to be fixed.

henrykuijpers, Mar 18 '24 21:03

@henrykuijpers ~is this fixed in AngularJS 1.8.2?~ Ah - the CVE is suggesting moving to Angular from AngularJS, which are entirely different frameworks (the name is the biggest similarity). Could you help rewrite the apps in ACS Commons that use AngularJS in another language (React/Angular/Svelte/whatever)?

davidjgonzalez, Mar 18 '24 21:03