CVE-2023-26116

Published: 30/03/2023 Updated: 07/11/2023
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function, which uses an insecure regular expression. The vulnerability can be exploited with a large, carefully crafted input, which can result in catastrophic backtracking.

Vulnerable Product

angularjs angular

fedoraproject fedora 38

Vendor Advisories

Debian Bug report logs - #1036694: angularjs: CVE-2022-25869 CVE-2023-26116 CVE-2023-26117 CVE-2023-26118
Package: src:angularjs; Maintainer for src:angularjs is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 24 May 2023 12:45:01 UTC; Severity: important; Tags: ...

Description: The MITRE CVE dictionary describes this issue as: All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in ...