Description
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service.
Note:
This package is EOL and will not receive any updates to address this issue. Users should migrate to @angular/core.
Remediation
References
Related Vulnerabilities
WordPress Plugin Custom Dashboard & Login Page-AGCA Cross-Site Scripting (6.9.1)
YOURLS Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-14537)
Oracle Application Server CVE-2007-0280 Vulnerability (CVE-2007-0280)
WordPress Plugin Booking calendar, Appointment Booking System Security Bypass (2.2.2)