GHSA-4w4v-5hc9-xrr2, CVE-2024-21490
npm/angular
Inefficient Regular Expression Complexity
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service.
Note:
This package is EOL and will not receive any updates to address this issue. Users should migrate to @angular/core.
All versions starting from 1.3.0 up to 1.8.3
Unfortunately, there is no solution available yet.
2024-02-14
source |