Description
Versions of i18n-node-angular prior to 1.4.0 are affected by denial of service and cross-site scripting vulnerabilities. The vulnerabilities exist in a REST endpoint that was created for development purposes, but was not disabled in production in affected versions.
Recommendation
Update the i18n-node-angular package to the latest compatible version. Version details:
- Affected version(s): < 1.4.0
- Patched version(s): 1.4.0
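To confirm whether a project still resolves an affected release, the check below walks a parsed package-lock.json and reports every installed copy of i18n-node-angular older than 1.4.0. It is an added example, not part of the advisory or the package; the sample lockfile and the function names isAffected and findAffected are constructed for illustration.

```javascript
// Added example: flag installed i18n-node-angular versions below the patched 1.4.0.
const PACKAGE = 'i18n-node-angular';
const PATCHED = '1.4.0';

// True when `version` sorts before PATCHED. Build metadata (+...) is ignored.
// Unparseable versions (for example git URLs) are reported for manual review.
function isAffected(version) {
  const [core, pre] = version.split('+')[0].split(/-(.*)/);
  const have = core.split('.').map(Number);
  const want = PATCHED.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((have[i] || 0) !== want[i]) return (have[i] || 0) < want[i];
  }
  return pre !== undefined; // a pre-release of 1.4.0 sorts before 1.4.0
}

// `lock` is the parsed content of package-lock.json.
function findAffected(lock) {
  const hits = [];
  const report = (path, version) => {
    if (version && isAffected(version) && !hits.some((h) => h.path === path)) {
      hits.push({ path, version });
    }
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/' + PACKAGE)) report(path, meta.version);
  }
  // lockfileVersion 1 (and the copy kept in version 2): nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + 'node_modules/' + name;
      if (name === PACKAGE) report(path, meta.version);
      walk(meta.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile: one affected top-level copy, one patched nested copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/i18n-node-angular': { version: '1.3.2' },
    'node_modules/widget/node_modules/i18n-node-angular': { version: '1.4.0' },
  },
};
console.log(findAffected(sampleLock));
```

Against a real project, pass the result of JSON.parse on the package-lock.json contents to findAffected.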
Related Issues
- Regular Expression Denial of Service in moment (GHSA-87vv-r9j6-g5qv) - CVE-2016-4055
- angular vulnerable to regular expression denial of service (ReDoS) - CVE-2022-25844
- angular vulnerable to regular expression denial of service via the <input type="url"> element - CVE-2023-26118
- angular vulnerable to regular expression denial of service via the $resource service - CVE-2023-26117
Tags: npm, i18n-node-angular
Last updated on February 01, 2023