angular vulnerable to regular expression denial of service (ReDoS)
AngularJS lets users write client-side web applications. The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very...
GHSA-M2H2-264F-F486 angular vulnerable to regular expression denial of service (ReDoS)
AngularJS lets users write client-side web applications. The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very...
CVE-2022-25844
A flaw was found in the Angular package. The angular package is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value...
CVE-2022-25844
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1 This package has been deprecated an...
DEBIAN-CVE-2022-25844
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1 This package has been deprecated an...
CVE-2022-25844
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1 This package has been deprecated an...
Code injection
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1 This package has been deprecated an...
UBUNTU-CVE-2022-25844
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1 This package has been deprecated an...
CVE-2022-25844
CVE-2022-25844 affects AngularJS (angular.js) 1.7.0 and newer, exploited via a ReDoS in a custom locale rule that enables a very large value for NUMBER_FORMATS.PATTERNS[1].posPre through posPre: ' '.repeat(). The CVE notes that the package is deprecated. The Debian advisory confirms a fix in angu...
CVE-2022-25844 Regular Expression Denial of Service (ReDoS)
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1 This package has been deprecated an...
CVE-2022-25844
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1 This package has been deprecated an...
EulerOS Virtualization 2.10.1 : python3 (EulerOS-SA-2022-1385)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2022-1411)
The remote host is missing an update for the Huawei EulerOS...
Reddit: Regular Expression Denial of Service vulnerability
Summary: The vulnerability I have found is classified as a Regular Expression Denial of Service. While inspecting the source code file RealtimeGQLSubscriptionAsync.js I came across the nodemodule subscriptions-transport-ws See Screenshot 1. The search result of the subscriptions-transport-ws...
GitLab: ReDoS in net/http affects webhooks: Sidekiq job stuck at 100% CPU for a year
Summary A Gitlab webhook may be pointed at a malicious webhook receiver. The webhook receiver can respond with a specially crafted long header. Gitlab processes the header with Ruby's net/http where there is a regular expression operation with quadratic complexity ReDoS. This causes the webhook...
PT-2023-12176
Name of the Vulnerable Software and Affected Versions: mechanize versions prior to 0.4.6. Description: The mechanize library, used for automatically interacting with HTTP web servers, contains a regular expression vulnerable to regular expression denial of service (ReDoS). If a web server responds...
CVE-2022-25598
Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher...
CVE-2022-25598
Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher...
PYSEC-2022-176
Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher...
Design/Logic Flaw
Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher...