CVE-2024-21490

Inefficient Regular Expression Complexity in npm/angular

Identifiers

GHSA-4w4v-5hc9-xrr2, CVE-2024-21490

Package Slug

npm/angular

Vulnerability

Inefficient Regular Expression Complexity

Description

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service.

Note:

This package is EOL and will not receive any updates to address this issue. Users should migrate to @angular/core.

Affected Versions

All versions starting from 1.3.0 up to 1.8.3

Solution

Unfortunately, there is no solution available yet.

Last Modified

2024-02-14
