Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-26116

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Published

2023-03-30T05:15:07.410

Last Modified

2025-02-14T16:15:33.003

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-1333
Type: Primary
CWE-1333
Type: Secondary
CWE-1333

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	angularjs	angular	≤ 1.8.3	Yes
Operating System	fedoraproject	fedora	38	Yes

References

https://lists.fedoraproject.org/archives/list/[email protected]/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/ ([email protected])
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320 Exploit, Third Party Advisory ([email protected])
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322 Exploit, Third Party Advisory ([email protected])
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321 Exploit, Third Party Advisory ([email protected])
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044 Exploit, Third Party Advisory ([email protected])
https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos Exploit, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)