angular vulnerable to regular expression denial of service via the $resource service
Moderate severity
GitHub Reviewed
Published
Mar 30, 2023
to the GitHub Advisory Database
•
Updated Nov 3, 2023
Description
Published by the National Vulnerability Database
Mar 30, 2023
Published to the GitHub Advisory Database
Mar 30, 2023
Reviewed
Apr 3, 2023
Last updated
Nov 3, 2023
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
References