CVE-2023-26116 – angular

Package

Manager: npm
Name: angular
Vulnerable Version: >=0 <=1.8.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00231 pctl0.45772

Details

angular vulnerable to regular expression denial of service via the angular.copy() utility All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Metadata

Created: 2023-03-30T06:30:26Z
Modified: 2025-02-14T18:35:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-2vrf-hf26-jrp5/GHSA-2vrf-hf26-jrp5.json
CWE IDs: ["CWE-1333"]
Alternative ID: GHSA-2vrf-hf26-jrp5
Finding: F211
Auto approve: 1