This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service.
**Note:**
This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).
References
Configurations
History
14 May 2024, 14:54
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Mar 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core). | |
References |
|
16 Feb 2024, 13:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:angular:angular:*:*:*:*:*:node.js:*:* | |
References | () https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113 - Third Party Advisory | |
References | () https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos - Exploit, Third Party Advisory | |
First Time |
Angular angular
Angular |
|
Summary |
|
10 Feb 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-10 05:15
Updated : 2024-05-14 14:54
NVD link : CVE-2024-21490
Mitre link : CVE-2024-21490
CVE.ORG link : CVE-2024-21490
JSON object : View
Products Affected
angular
- angular
CWE
CWE-1333
Inefficient Regular Expression Complexity