angular is vulnerable to regular expression denial of service. An attacker can crash the application by providing a very high value of custom locale rule through the posPre
attribute in the parsePattern
function of parser.js
.
github.com/advisories/GHSA-m2h2-264f-f486
lists.fedoraproject.org/archives/list/[email protected]/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3/
lists.fedoraproject.org/archives/list/[email protected]/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO/
security.netapp.com/advisory/ntap-20220629-0009/
stackblitz.com/edit/angularjs-material-blank-zvtdvb