Описание
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| angular.js | fixed | 1.8.3-2 | package | |
| angular.js | fixed | 1.8.3-1+deb12u1 | bookworm | package |
| angular.js | no-dsa | buster | package |
Примечания
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
PoC: https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos
EPSS
Связанные уязвимости
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
angular vulnerable to regular expression denial of service via the <input type="url"> element
Уязвимость функции input[url] среды проектирования приложений и платформы разработки одностраничных приложений Аngular, позволяющая нарушителю вызвать отказ в обслуживании
EPSS