Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
References
Link | Resource |
---|---|
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/ | |
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323 | Exploit Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325 | Exploit Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324 | Exploit Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045 | Exploit Third Party Advisory |
https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2023-03-30T05:00:01.348Z
Updated: 2023-05-22T12:58:24.742Z
Reserved: 2023-02-20T10:28:48.923Z
Link: CVE-2023-26117
JSON object: View
NVD Information
Status : Modified
Published: 2023-03-30T05:15:07.687
Modified: 2023-11-07T04:09:22.857
Link: CVE-2023-26117
JSON object: View
Redhat Information
No data.
CWE