CVE-2024-8372

4.8 MEDIUM

📋 TL;DR

This AngularJS vulnerability allows attackers to bypass image source restrictions via improper sanitization of the 'srcset' attribute, enabling content spoofing attacks. It affects AngularJS versions 1.3.0-rc.4 and greater, but AngularJS is end-of-life and won't receive official patches.

💻 Affected Systems

Products:
  • AngularJS
Versions: 1.3.0-rc.4 and greater
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: AngularJS is end-of-life (EOL) and no longer maintained. This affects any application using AngularJS with user-controlled input in srcset attributes.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could spoof legitimate content on websites, potentially tricking users into revealing sensitive information or performing unintended actions through convincing fake interfaces.

🟠 Likely Case

Content spoofing where attackers display misleading images or content that appears legitimate, potentially damaging brand reputation or enabling phishing-like attacks.

🟢 If Mitigated

With proper Content Security Policies and input validation, the impact is limited to visual deception without direct code execution or data theft.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept demonstrates the bypass technique. Exploitation requires user interaction or content injection opportunities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: https://docs.angularjs.org/misc/version-support-status

Restart Required: No

Instructions:

No official patch available due to AngularJS end-of-life status. Migrate to supported Angular versions or implement workarounds.

🔧 Temporary Workarounds

Implement custom sanitization

Applies to: all

Add custom sanitization for srcset attributes that validates each candidate image URL before it is rendered.

Implement a custom AngularJS sanitizer that parses the srcset value into its individual candidates and checks every URL against an allowlist of trusted origins, dropping any candidate that does not match.
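The allowlist check described above, written as an added example (not AngularJS code and not from any vendor advisory). It parses srcset the way browsers do, candidate by candidate, so a disallowed origin hidden in a later candidate is dropped rather than rendered. The base origin, the trusted CDN host and the sample srcset values are constructed for the example.

```javascript
// Parse a srcset attribute into { url, descriptor } candidates.
// Each URL is a run of non-whitespace; a trailing comma ends the candidate
// without a descriptor, otherwise the descriptor runs up to the next comma.
function parseSrcset(srcset) {
  const candidates = [];
  let rest = srcset.trim();
  while (rest.length) {
    let url = rest.match(/^\S+/)[0];
    rest = rest.slice(url.length);
    let descriptor = '';
    if (url.endsWith(',')) {
      url = url.replace(/,+$/, '');
    } else {
      const comma = rest.indexOf(',');
      descriptor = (comma === -1 ? rest : rest.slice(0, comma)).trim();
      rest = comma === -1 ? '' : rest.slice(comma + 1);
    }
    rest = rest.trim();
    if (url) candidates.push({ url, descriptor });
  }
  return candidates;
}

// Constructed allowlist: the page's CSP example names trusted-cdn.example.com.
const ALLOWED_ORIGINS = new Set(['https://trusted-cdn.example.com']);

// Keep only candidates whose resolved URL is http(s) on the page's own origin
// or an allowlisted origin. Relative and protocol-relative URLs are resolved
// against baseOrigin so "//evil.example/x.png" cannot slip through.
function sanitizeSrcset(srcset, baseOrigin, allowedOrigins = ALLOWED_ORIGINS) {
  const kept = [];
  for (const { url, descriptor } of parseSrcset(srcset)) {
    let parsed;
    try { parsed = new URL(url, baseOrigin); } catch { continue; }  // unparseable: drop
    if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') continue; // data:, javascript:, etc.
    if (parsed.origin !== baseOrigin && !allowedOrigins.has(parsed.origin)) continue;
    kept.push(descriptor ? `${parsed.href} ${descriptor}` : parsed.href);
  }
  return kept.join(', ');
}

// Constructed sample: the third candidate points at an untrusted host and is removed.
console.log(sanitizeSrcset(
  '/img/a.jpg 1x, https://trusted-cdn.example.com/a@2x.jpg 2x, //evil.example/spoof.jpg 3x',
  'https://app.example.com'));
```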

Content Security Policy (CSP)

Applies to: all

Implement strict Content Security Policy to restrict image sources to trusted domains only.

Content-Security-Policy: img-src 'self' trusted-cdn.example.com;

🧯 If You Can't Patch

  • Implement strict input validation on all user-controlled fields that could affect srcset attributes
  • Deploy web application firewall (WAF) rules to detect and block suspicious srcset attribute patterns

🔍 How to Verify

Check if Vulnerable:

Check the AngularJS version in the application's dependencies. If the version is 1.3.0-rc.4 or higher and the application renders srcset attributes built from user input, the application is vulnerable.

Check Version:

Check package.json for the AngularJS version, or inspect the loaded AngularJS library version in the browser developer tools.

Verify Fix Applied:

Test that custom sanitization properly validates srcset URLs and CSP headers are correctly implemented and enforced.

📡 Detection & Monitoring

Log Indicators:

  • Unusual srcset attribute patterns in request logs
  • Multiple failed image loads from unexpected domains

Network Indicators:

  • Image requests to unexpected or suspicious domains
  • Patterns of srcset attributes with encoded payloads

SIEM Query:

Search for web requests containing suspicious srcset patterns, and for image loads from domains outside the allowlist.
