angular vulnerable to regular expression denial of service via the $resource service
- Severity:
- Medium
Description
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.8.3
References
- GHSA-2qqx-w9hr-q5gx
- security.snyk.io
- stackblitz.com
- lists.fedoraproject.org
- lists.debian.org
- CVE-2023-26117
- CWE-1333
- CAPEC-310
- OWASP 2021-A6
Related Issues
- angular vulnerable to regular expression denial of service via the <input type="url"> element - CVE-2023-26118
- angular vulnerable to regular expression denial of service via the angular.copy() utility - CVE-2023-26116
- steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments - CVE-2022-37262
- steal vulnerable to Regular Expression Denial of Service via input variable - CVE-2022-37260
- Tags:
- npm
- angular
Anything's wrong? Let us know Last updated on November 03, 2025