Published: 10/02/2024 Updated: 14/05/2024

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](www.npmjs.com/package/@angular/core).

Vulnerable Product	Search on Vulmon	Subscribe to Product
angular angular

DescriptionAn Inefficient Regular Expression Complexity vulnerability was found in NodeJS Angular A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking, leading to denial of serviceAn Inefficient Regular Expression Complexity vulnerability was found in NodeJS Angul ...

CWE-1333 https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113 https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747 https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2024-21490

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-21490

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect