CGA-7whw-36qf-2hpc

Published

Last updated

https://images.chainguard.dev/security/CGA-7whw-36qf-2hpc

Package

solr

RepositoryWolfi

Latest Update

Under investigation

Aliases

CVE-2023-26118
GHSA-qwqh-hm9m-p5hr

Severity

Unknown

Summary

angular vulnerable to regular expression denial of service via the <input type="url"> element

Description

All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-26118
https://github.com/advisories/GHSA-qwqh-hm9m-p5hr
https://github.com/angular/angular.js
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-7whw-36qf-2hpc

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources