1344 matches found
CVE-2022-25844
A flaw was found in the Angular package. The angular package is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value...
CVE-2022-25844
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1) This package has been deprecated an...
DEBIAN-CVE-2022-25844
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1) This package has been deprecated an...
Code injection
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1) This package has been deprecated an...
CVE-2022-25844
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1) This package has been deprecated an...
UBUNTU-CVE-2022-25844
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1) This package has been deprecated an...
CVE-2022-25844 Regular Expression Denial of Service (ReDoS)
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1) This package has been deprecated an...
CVE-2022-25844
CVE-2022-25844 affects AngularJS (angular.js) 1.7.0 and newer and is exploited via a ReDoS in a custom locale rule that allows a very large value to be assigned to NUMBER_FORMATS.PATTERNS[1].posPre through posPre: ' '.repeat(). The CVE notes that the package is deprecated. Debian advisory confirms a fix in angu...
CVE-2022-25844
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1) This package has been deprecated an...
PT-2022-6868
Name of the Vulnerable Software and Affected Versions: angular versions 1.7.0 and higher. Description: The issue is related to the use of a regular expression with inefficient computational complexity in the Angular application design environment and single-page application development platform. Thi...
10.30.npm-learning (>=1.0.0 <=1.1.0), 2017_node (=1.0.0) +2680 more potentially affected by CVE-2022-25844 via angular (>=1.7.0 <=1.8.3)
angular NPM version =1.7.0, =1.0.0, =4.13.7-rc4, =1.103.1, =1.103.1, =1.102.4, =1.102.3, =1.102.3, =1.4.156, =1.0.3, =1.0.0, =1.0.0, =0.5.0, =0.5.2 and more Source cves: CVE-2022-25844 Source advisory: SNYK:JS-ANGULAR-2772735...
Regular Expression Denial of Service (ReDoS)
Overview: angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...
JHipster SQL Injection Vulnerability
JHipster is an open source application builder that develops web applications and microservices primarily using Angular or React and Spring Framework. JHipster suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, whic...
@superdev-official/buffet-angular (=1.0.11), apps-b-builder (>=0.1.0 <=0.4.3) +9 more potentially affected by CVE-2022-25760 via accesslog (=0.0.2)
accesslog NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on accesslog and may be impacted: - @superdev-official/buffet-angular =1.0.11 - apps-b-builder =0.1.0, =0.6.0, =3.1.0, =0.1.0, =2.0.0, =0.4.0, =0.1.0, =0.4.1, =0.5.0 Source cves:...
@ckeditor/ckeditor5-dev-lint (>=1.0.0 <=2.0.3), @code_monk/hak-cli (>=1.0.6 <=1.0.9) +364 more potentially affected by CVE-2020-7751 via pathval (>=0.0.1 <=1.1.0)
pathval NPM version =0.0.1, =1.0.0, =1.0.6, =1.0.4, =2.0.3, =1.0.8, =1.0.3, =1.0.7, =2.0.3, =3.1.2, =1.0.3, =0.0.1, =0.1.0, =0.2.0 - @nwetzel/modern-web-dev-build =0.6.0 and more Source cves: CVE-2020-7751 Source advisory: OSV:GHSA-G6WW-V8XP-VMWG...
@superdev-official/buffet-angular (=1.0.11), apps-b-builder (>=0.1.0 <=0.4.3) +9 more potentially affected by CVE-2022-25760 via accesslog (=0.0.2)
accesslog NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on accesslog and may be impacted: - @superdev-official/buffet-angular =1.0.11 - apps-b-builder =0.1.0, =0.6.0, =3.1.0, =0.1.0, =2.0.0, =0.4.0, =0.1.0, =0.4.1, =0.5.0 Source cves:...
@daedalus/angular-handsontable (>=1.0.1 <=1.0.5), @hpcc-js/handson (>=0.0.1 <=0.0.44) +53 more potentially affected by CVE-2021-23446 via handsontable (>=0.25.1 <=0.38.1)
handsontable NPM version =0.25.1, =1.0.1, =0.0.1, =1.0.2, =0.1.0, =0.1.0, =1.0.0-beta1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.11, =1.1.12 and more Source cves: CVE-2021-23446 Source advisory: OSV:GHSA-HF66-R44G-P7J9...
@daedalus/angular-handsontable (>=1.0.1 <=1.0.5), @hpcc-js/handson (>=0.0.1 <=0.0.44) +53 more potentially affected by CVE-2021-23446 via handsontable (>=0.25.1 <=0.38.1)
handsontable NPM version =0.25.1, =1.0.1, =0.0.1, =1.0.2, =0.1.0, =0.1.0, =1.0.0-beta1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.11, =1.1.12 and more Source cves: CVE-2021-23446 Source advisory: SNYK:JS-HANDSONTABLE-1726770...
40au-isteven-angular-multiselect (=4.0.0), @abcd19/st-grid (=3.1.0) +724 more potentially affected by CVE-2025-11149 via node-static (>=0.5.6 <=0.7.11)
node-static NPM version =0.5.6, =1.0.5, =0.0.5, =0.0.1, =0.0.1, =17.0.6 - @beadswap/lib =0.0.1 and more Source cves: CVE-2025-11149 Source advisory: OSV:GHSA-8R4G-CG4M-X23C...
@angular/cli (=9.1.0-next.3), @schematics/update (=0.901.0-next.3) +1 more potentially affected by unknown CVE via @npmcli/git (=1.0.1)
@npmcli/git NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @npmcli/git and may be impacted: - @angular/cli =9.1.0-next.3 - @schematics/update =0.901.0-next.3 - pacote =11.1.1 Source cves: unknown CVE Source advisory:...