
CVE-2022-25844

Published: 01/05/2022 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.

Vulnerable Product

angularjs angular

fedoraproject fedora 35

fedoraproject fedora 36

netapp ontap select deploy administration utility -

Vendor Advisories

Debian Bug report logs - #1014779 angularjs: CVE-2022-25844
Package: src:angularjs; Maintainer for src:angularjs is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>
Date: Mon, 11 Jul 2022 19:27:04 UTC
Severity: important
Tags: security, upstream ...
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnera ...

Github Repositories

Hybrid app for assisted execution of workflows (micro-prompting) for humans

rehagoal-webapp: RehaGoal is a cross-platform hybrid application for assisted execution of workflows (micro-prompting) by humans. It was developed in a research project with the aim of assisting people affected by an executive dysfunction. It is intended to be used integrated in a training concept (e.g. Goal Management Training with Errorless Learning) together with experts in