Description
Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
Remediation
References
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos
Related Vulnerabilities
CVE-2022-36077 Vulnerability in npm package electron
CVE-2019-0205 Vulnerability in maven package org.webjars.bower:thrift
CVE-2019-1010260 Vulnerability in maven package com.github.shyiko:ktlint
CVE-2020-7649 Vulnerability in npm package snyk-broker
CVE-2019-13990 Vulnerability in maven package org.quartz-scheduler:quartz