Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tMmgyLTI2NGYtZjQ4Ns3X3A
angular vulnerable to regular expression denial of service (ReDoS)
AngularJS lets users write client-side web applications. The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value.
Note:
- This package has been deprecated and is no longer maintained.
- The vulnerable versions are 1.7.0 and higher.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tMmgyLTI2NGYtZjQ4Ns3X3A
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Identifiers: GHSA-m2h2-264f-f486, CVE-2022-25844
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-25844
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737
- https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
- https://stackblitz.com/edit/angularjs-material-blank-zvtdvb
- https://security.netapp.com/advisory/ntap-20220629-0009/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO/
- https://github.com/advisories/GHSA-m2h2-264f-f486
Affected Packages
npm:angular
Dependent packages: 4,563Dependent repositories: 57,142
Downloads: 1,825,011 last month
Affected Version Ranges: >= 1.7.0
No known fixed version
All affected versions: 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.8.0, 1.8.1, 1.8.2, 1.8.3