Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
References
Link | Resource |
---|---|
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/ | |
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326 | Exploit Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328 | Exploit |
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327 | Exploit Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046 | Exploit Third Party Advisory |
https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2023-03-30T05:00:02.352Z
Updated: 2023-05-22T12:58:53.331Z
Reserved: 2023-02-20T10:28:48.923Z
Link: CVE-2023-26118
JSON object: View
NVD Information
Status : Modified
Published: 2023-03-30T05:15:07.750
Modified: 2023-11-07T04:09:23.037
Link: CVE-2023-26118
JSON object: View
Redhat Information
No data.
CWE