Description
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.
Remediation
References
Related Vulnerabilities
WordPress Plugin bSuite Cross-Site Scripting (4.0.7)
Oracle JRE Incorrect Conversion between Numeric Types Vulnerability (CVE-2022-34169)
WordPress Plugin Export User Data Cross-Site Scripting (1.3.1)
Oracle JRE Incorrect Default Permissions Vulnerability (CVE-2024-20921)
WordPress Plugin CM Pop-Up banners for WordPress SQL Injection (1.5.10)