Описание
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was deferred |
| devel | not-affected | 1.8.3-3 |
| esm-apps/focal | released | 1.7.9-1ubuntu0.1~esm1 |
| esm-apps/jammy | released | 1.8.2-2ubuntu0.1 |
| esm-apps/noble | released | 1.8.3-1ubuntu0.24.04.1 |
| esm-infra/bionic | released | 1.5.10-1ubuntu0.1~esm1 |
| esm-infra/xenial | released | 1.2.28-1ubuntu2+esm1 |
| focal | ignored | end of standard support, was deferred [2023-05-15] |
| jammy | released | 1.8.2-2ubuntu0.1 |
| kinetic | ignored | end of life, was deferred [2023-05-15] |
Показывать по
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
Versions of the package angular from 1.0.0 are vulnerable to Regular E ...
angular vulnerable to regular expression denial of service via the $resource service
Уязвимость службы $resource среды проектирования приложений и платформы разработки одностраничных приложений Аngular, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.3 Medium
CVSS3