Description
Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
Remediation
References
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos
https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
Related Vulnerabilities
CVE-2023-25753 Vulnerability in maven package org.apache.shenyu:shenyu-common
CVE-2018-1000412 Vulnerability in maven package org.jenkins-ci.plugins:jira
CVE-2020-2253 Vulnerability in maven package org.jenkins-ci.plugins:email-ext
CVE-2021-29451 Vulnerability in maven package com.manydesigns:portofino-core
CVE-2016-9177 Vulnerability in maven package com.sparkjava:spark-core