Description
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
Remediation
References
Related Vulnerabilities
WordPress Plugin Loginizer Multiple Vulnerabilities (1.3.5)
WordPress Plugin Advanced AJAX Product Filters Security Bypass (1.3.6.1)
Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-40662)
MySQL CVE-2020-14870 Vulnerability (CVE-2020-14870)
WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.6.5)