CVE-2023-26118

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-26118

CGA ID

CGA-7whw-36qf-2hpc

Severity

5.3

Medium

CVSS V3

Description

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

References

https://images.chainguard.dev/security/CGA-7whw-36qf-2hpc
https://github.com/advisories/GHSA-qwqh-hm9m-p5hr
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
https://security-tracker.debian.org/tracker/CVE-2023-26118

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2023-26118

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources