CVE-2024-8372 CVE-2024-8373 CVE-2024-21490 CVE-2025-0716 CVE-2025-2336 Debian Bug : #1014779 #1036694 #1088804 #1088805 #1104485
angular.js, a popular JavaScript framework, was affected by multiple vulnerabilities.
CVE-2022-25844
A Regular Expression Denial of Service (ReDoS) vulnerability
was found: a custom locale rule makes it possible to assign
a very high value to the parameter in posPre: ' '.repeat()
of NUMBER_FORMATS.PATTERNS[1].posPre.
CVE-2023-26116
A Regular Expression Denial of Service (ReDoS) was found
via the angular.copy() utility function due to the usage
of an insecure regular expression.
CVE-2023-26117
A Regular Expression Denial of Service (ReDoS) was found
via the $resource service due to the usage of an insecure
regular expression.
CVE-2023-26118
A Regular Expression Denial of Service (ReDoS) was found
via the <input type="url"> element due to the usage of an
insecure regular expression in the input[url] functionality.
Exploiting this vulnerability is possible with a large,
carefully-crafted input, which can result in catastrophic
backtracking.
CVE-2024-8372
Improper sanitization of the value of the 'srcset'
attribute in AngularJS allows attackers to bypass
common image source restrictions, which can also
lead to a form of Content Spoofing.
CVE-2024-8373
Improper sanitization of the value of the [srcset]
attribute in <source> HTML elements in AngularJS allows
attackers to bypass common image source restrictions,
which can also lead to a form of Content Spoofing.
CVE-2024-21490
A regular expression used to split
the value of the ng-srcset directive is vulnerable to
super-linear runtime due to backtracking. With large
carefully-crafted input, this can result in catastrophic
backtracking and cause a denial of service.
CVE-2025-0716
Improper sanitization of the...
1.8.3-1+deb12u1~deb11u1
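
For application code that builds srcset values from untrusted input, the srcset issues above (CVE-2024-8372, CVE-2024-8373, CVE-2024-21490) suggest a defensive pattern: split the value with a single-pass scanner instead of a backtracking regular expression, and check every candidate URL against the image source policy. This is an added example, not code from AngularJS or from the Debian patches; the function names, the length cap, the base URL and the allowlist are assumptions.

```javascript
// Added example. The names, the length cap and the allowlist are assumptions.
const MAX_SRCSET_LENGTH = 4096;                 // assumed cap on attribute size
const ALLOWED_PROTOCOLS = new Set(['https:']);  // assumed image source policy
const BASE = 'https://app.example/';            // placeholder document base URL

const isSpace = (c) => c === ' ' || c === '\t' || c === '\n' || c === '\f' || c === '\r';

// Split a srcset value into { url, descriptor } candidates in one linear pass.
// Simplification: parenthesised descriptors from the HTML spec are not handled.
function splitSrcset(value) {
  if (value.length > MAX_SRCSET_LENGTH) throw new RangeError('srcset too long');
  const out = [];
  const n = value.length;
  let i = 0;
  while (i < n) {
    while (i < n && (isSpace(value[i]) || value[i] === ',')) i++; // separators
    if (i >= n) break;
    const start = i;
    while (i < n && !isSpace(value[i])) i++;                      // URL token
    let end = i;
    while (end > start && value[end - 1] === ',') end--;          // trailing commas
    let descriptor = '';
    if (end === i) {                       // no trailing comma: descriptor may follow
      const dStart = i;
      while (i < n && value[i] !== ',') i++;
      descriptor = value.slice(dStart, i).trim();
    }
    out.push({ url: value.slice(start, end), descriptor });
  }
  return out;
}

// Resolve every candidate (not only the first) and keep those whose protocol
// is on the allowlist; anything else is dropped from the rebuilt value.
function sanitizeSrcset(value) {
  const kept = [];
  for (const { url, descriptor } of splitSrcset(value)) {
    let parsed;
    try { parsed = new URL(url, BASE); } catch { continue; }      // unparsable
    if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) continue;
    kept.push(descriptor ? `${parsed.href} ${descriptor}` : parsed.href);
  }
  return kept.join(', ');
}

// Constructed sample input.
const sample = 'https://cdn.example/a.png 1x, javascript:void(0) 2x,' +
  'https://cdn.example/b.png 480w, /local.png';
console.log(sanitizeSrcset(sample));
```

Because the scanner treats a comma inside a URL token as part of the URL, a data: URL containing commas is evaluated as one candidate and rejected by the protocol check rather than being split into fragments.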