CVE-2022-25844, GHSA-m2h2-264f-f486
npm/angular
angular vulnerable to regular expression denial of service (ReDoS)
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.
All versions starting from 1.7.0
Unfortunately, there is no solution available yet.
2022-05-05
source |