WEB APPLICATION VULNERABILITIES Standard & Premium

AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2023-26116)

Description

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Remediation

References

Related Vulnerabilities

LimeSurvey Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2019-16175)

WordPress Plugin Clipta Video Informer Cross-Site Scripting (1.0)

WordPress Plugin Browser Blocker Cross-Site Scripting (0.5.6)

PHP Other Vulnerability (CVE-2015-6837)

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-0272)

Severity

Medium

Classification

CVE-2023-26116 CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Tags

Missing Update Known Vulnerabilities