Secure the usage of angular-ui-notification library #159

nadouani · 2017-03-27T11:55:10Z

Request Type

Bug

Work Environment

Any

Problem Description

TheHive uses an open source angular library to display notification toasts: https://github.com/alexcrack/angular-ui-notification

This library introduce a XSS vulnerability, since it trusts the messages to be displayed, as HTML.
An issue is still open to fix this vulnerability

In the meantime, we will make sure to sanitize the content we display in notification toasts

…e notification messages

nadouani added the bug label Mar 27, 2017

nadouani added this to the 2.10.2 milestone Mar 27, 2017

nadouani self-assigned this Mar 27, 2017

nadouani added a commit that referenced this issue Mar 27, 2017

#159 Sanitize the content to be displayed by AlertSrv

a7d1fee

nadouani added a commit that referenced this issue Mar 27, 2017

#159 Upgrade ui-notification library

f51208e

nadouani closed this as completed Mar 27, 2017

nadouani reopened this Mar 27, 2017

nadouani closed this as completed Mar 28, 2017

nadouani added a commit that referenced this issue Mar 28, 2017

#159 Rewrite the sanitization utility service and use it to secure th…

3a585cf

…e notification messages

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Secure the usage of angular-ui-notification library #159

Secure the usage of angular-ui-notification library #159

nadouani commented Mar 27, 2017

Secure the usage of angular-ui-notification library #159

Secure the usage of angular-ui-notification library #159

Comments

nadouani commented Mar 27, 2017

Request Type

Work Environment

Problem Description