Description
Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Remediation
References
Related Vulnerabilities
WordPress Plugin Super Forms-Drag & Drop Form Builder Arbitrary File Upload (4.9.700)
WordPress Plugin Simple:Press Security Bypass and Arbitrary File Upload Vulnerabilities (4.1.2)
WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.15)
Oracle JRE CVE-2013-5830 Vulnerability (CVE-2013-5830)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5865)