CVE-2023-26116
https://notcve.org/view.php?id=CVE-2023-26116
Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321 https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044 https://stackblitz.com/edit/angul • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2023-26118
https://notcve.org/view.php?id=CVE-2023-26118
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327 https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046 https://stackblitz.com/edit/angul • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2023-26117
https://notcve.org/view.php?id=CVE-2023-26117
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324 https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045 https://stackblitz.com/edit/angul • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2022-25869 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-25869
All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements. Todas las versiones del paquete angular son vulnerables a un ataque de tipo Cross-site Scripting (XSS) debido al almacenamiento en caché no seguro de la página en el navegador Internet Explorer, que permite la interpolación de elementos (textarea) • https://glitch.com/edit/%23%21/angular-repro-textarea-xss https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782 https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-25844 – Regular Expression Denial of Service (ReDoS)
https://notcve.org/view.php?id=CVE-2022-25844
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher. El paquete angular versiones posteriores a 1.7.0 son vulnerables a una Denegación de Servicio por Expresión Regular (ReDoS) al proporcionar una regla de localización personalizada que permite asignar el parámetro en posPre: " ".repeat() de NUMBER_FORMATS.PATTERNS[1].posPre con un valor muy alto. **Nota:** 1) Este paquete ha quedado obsoleto y ya no es mantenido. 2) Las versiones vulnerables son 1.7.0 y superiores • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO https://security.netapp.com/advisory/ntap-20220629-0009 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737 https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735 https: • CWE-1333: Inefficient Regular Expression Complexity •