Affected versions of the package are vulnerable to Arbitrary Script Injection due to improper sanitization of the
$event object passed to the native constructor functions. That isn't protected by the fast paths in
angular to version 1.1.5 or higher.
- Chirayu Krishnappa, Igor Minar
- Snyk ID
- 24 Jun, 2013
- 23 Jan, 2017