Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-21490

Опубликовано: 10 фев. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 7.5

Описание

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. Note: This package is EOL and will not receive any updates to address this issue. Users should migrate to @angular/core.

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

not-affected

1.8.3-3
esm-apps/focal

released

1.7.9-1ubuntu0.1~esm1
esm-apps/jammy

released

1.8.2-2ubuntu0.1
esm-apps/noble

released

1.8.3-1ubuntu0.24.04.1
esm-infra/bionic

released

1.5.10-1ubuntu0.1~esm1
esm-infra/xenial

not-affected

1.2.28-1ubuntu2
focal

ignored

end of standard support, was needed
jammy

released

1.8.2-2ubuntu0.1
mantic

ignored

end of life, was needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 82%
0.01669
Низкий

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-21490

CVSS3: 7.5
redhat
почти 2 года назад

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).

nvd логотип

CVE-2024-21490

CVSS3: 7.5
nvd
почти 2 года назад

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).

debian логотип

CVE-2024-21490

CVSS3: 7.5
debian
почти 2 года назад

This affects versions of the package angular from 1.3.0. A regular exp ...

github логотип

GHSA-4w4v-5hc9-xrr2

CVSS3: 7.5
github
почти 2 года назад

angular vulnerable to super-linear runtime due to backtracking

fstec логотип

BDU:2024-04308

CVSS3: 7.5
fstec
около 2 лет назад

Уязвимость компонента ng-srcset среды проектирования приложений и платформы разработки одностраничных приложений Аngular, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 82%
0.01669
Низкий

7.5 High

CVSS3

Уязвимость CVE-2024-21490