WEB APPLICATION VULNERABILITIES Standard & Premium

AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2023-26116)

Description

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Remediation

References

Related Vulnerabilities

WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll PHP Object Injection (1.5.5)

MySQL CVE-2023-22065 Vulnerability (CVE-2023-22065)

WeBid Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000882)

phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-6626)

WordPress Plugin WP Smart Import: Import any XML File to WordPress Cross-Site Scripting (1.0.2)

Severity

Medium

Classification

CVE-2023-26116 CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Tags

Missing Update Known Vulnerabilities