Description
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible with a large, carefully crafted input, which can result in catastrophic backtracking.
A flaw was found in AngularJS: the $resource service is affected by a regular expression denial of service (ReDoS) issue. By providing specially crafted regex input, a remote attacker could cause a denial of service.
Report
In Quay 3.10 and above, no version of affected momentjs is present.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 2.1 | servicemesh-grafana | Will not fix | | |
| Red Hat Ansible Tower 3 | angular | Not affected | | |
| Red Hat Ansible Tower 3 | angularjs | Not affected | | |
| Red Hat Ceph Storage 3 | grafana | Out of support scope | | |
| Red Hat Ceph Storage 4 | ceph | Affected | | |
| Red Hat Ceph Storage 4 | rhceph/rhceph-4-dashboard-rhel8 | Affected | | |
| Red Hat Ceph Storage 5 | ceph | Affected | | |
| Red Hat CodeReady Studio 12 | angularjs | Out of support scope | | |
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | | |
| Red Hat Enterprise Linux 7 | firefox | Not affected | | |
Additional information
Status:
5.3 Medium
CVSS3
Related vulnerabilities
angular vulnerable to regular expression denial of service via the $resource service
A vulnerability in the $resource service of the Angular application framework and single-page application development platform that allows an attacker to cause a denial of service
5.3 Medium
CVSS3