logo
Vulnerability feed
Contributors
About
Blog
CONTRIBUTE

Vulnerability

warn

CVE-2024-21490

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2024-21490

Description:
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).
Last updated date:
05/14/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
02/16/2024
Reference url to background

https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy