CVE-2023-26116

2023-03-3005:15:07

CWE-1333

snyk

web.nvd.nist.gov

cve

2023

26116

angular

vulnerability

regular expression denial of service

redos

nvd

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

Confidence

High

EPSS

0.002

Percentile

62.4%

JSON

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Affected configurations

Nvd

Node

angularjsangularRange1.2.21–1.8.3node.js

Node

fedoraprojectfedoraMatch38

VendorProductVersionCPE
angularjsangular*cpe:2.3:a:angularjs:angular:*:*:*:*:*:node.js:*:*
fedoraprojectfedora38cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
angularjs	angular	*	cpe:2.3:a:angularjs:angular::::::node.js::*
fedoraproject	fedora	38	cpe:2.3:o:fedoraproject:fedora:38:::::::*

CNA Affected

[
  {
    "product": "angular",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "*",
        "status": "affected",
        "version": "1.2.21",
        "versionType": "semver"
      }
    ]
  },
  {
    "product": "org.webjars.bower:angular",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "*",
        "status": "affected",
        "version": "1.2.21",
        "versionType": "semver"
      }
    ]
  },
  {
    "product": "org.webjars.npm:angular",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "*",
        "status": "affected",
        "version": "1.2.23",
        "versionType": "semver"
      }
    ]
  },
  {
    "product": "org.webjars.bowergithub.angular:angular",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "*",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]