CVE-2022-25844

angular vulnerable to regular expression denial of service (ReDoS) in npm/angular

Identifiers

CVE-2022-25844, GHSA-m2h2-264f-f486

Package Slug

npm/angular

Vulnerability

angular vulnerable to regular expression denial of service (ReDoS)

Description

The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS): a custom locale rule can assign a very high value to the repeat count in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre. Notes: 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.
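One way to screen a custom locale for the oversized posPre value described above before it is registered with AngularJS. This is an added example, not code from the advisory or from the angular project; the function name, the 16-character limit and the sample locales are assumptions.

```javascript
// Added example: audit the affix strings of an AngularJS locale definition.
// MAX_AFFIX_LENGTH is an assumed policy limit, not a value from the advisory.
const MAX_AFFIX_LENGTH = 16;
const AFFIX_FIELDS = ['posPre', 'posSuf', 'negPre', 'negSuf'];

// Returns a list of findings; an empty list means no affix exceeded the limit.
function auditLocaleNumberFormats(locale, maxLen = MAX_AFFIX_LENGTH) {
  const patterns = locale && locale.NUMBER_FORMATS && locale.NUMBER_FORMATS.PATTERNS;
  if (!Array.isArray(patterns)) {
    return [{ index: null, field: null, reason: 'NUMBER_FORMATS.PATTERNS missing or not an array' }];
  }
  const findings = [];
  patterns.forEach((pattern, index) => {
    for (const field of AFFIX_FIELDS) {
      const value = pattern ? pattern[field] : undefined;
      if (value === undefined) continue; // field not set in this pattern
      if (typeof value !== 'string') {
        findings.push({ index, field, reason: 'not a string' });
      } else if (value.length > maxLen) {
        findings.push({ index, field, reason: `length ${value.length} exceeds ${maxLen}` });
      }
    }
  });
  return findings;
}

// Constructed sample: an ordinary locale (decimal pattern, then currency pattern).
const benignLocale = {
  NUMBER_FORMATS: {
    PATTERNS: [
      { posPre: '', posSuf: '', negPre: '-', negSuf: '' },
      { posPre: '\u00a4', posSuf: '', negPre: '-\u00a4', negSuf: '' }
    ]
  }
};

// Constructed sample: the currency pattern's posPre is built with ' '.repeat(n)
// and a very high n, as in the advisory's description.
const oversizedLocale = {
  NUMBER_FORMATS: {
    PATTERNS: [
      { posPre: '', posSuf: '', negPre: '-', negSuf: '' },
      { posPre: ' '.repeat(100000), posSuf: '', negPre: '-\u00a4', negSuf: '' }
    ]
  }
};

console.log(auditLocaleNumberFormats(benignLocale));
console.log(auditLocaleNumberFormats(oversizedLocale));
```

Reject or log any locale for which the function returns findings instead of passing it to the application.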

Affected Versions

All versions starting from 1.7.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-05-05
