Description
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).
Remediation
References
Related Vulnerabilities
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-2748)
Oracle Application Server Other Vulnerability (CVE-2002-0568)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2004-0079)
Grafana CVE-2021-27358 Vulnerability (CVE-2021-27358)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29509)