K000150967: Angular JS vulnerabilities CVE-2023-26117 and CVE-2023-26118

Security Advisory Description CVE-2023-26117 Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted...

Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)

Exploit Title: Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution RCE Date: 10 October 2024 Discovered by : Ravindu Wickramasinghe | rvz @rvizx9 Exploit Author: Ravindu Wickramasinghe | rvz @rvizx9 Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload...

@angular-devkit/build-angular (>=19.2.0 <=19.2.0-rc.0), @angular/build (>=19.2.0 <=19.2.0-rc.0) +40 more potentially affected by CVE-2025-32395 via vite (>=6.1.0 <=6.1.4)

vite NPM version =6.1.0, =19.2.0, =19.2.0, =1.0.7, =2.12.0, =2.12.0, =11.24.0, =0.0.1739797164641, =1.0.0, =0.0.0-experimental-989cf02-20250217-d62ba1cb, =0.0.0-experimental-80aadca-20250205-e2641483, =0.0.0-snapshot-1e670bae5105bde781e82aa2a8ee4f2dfc2446f0,...

@aicblock/cli (>=1.0.0 <=1.0.1), @angular-devkit/build-angular (>=19.2.1 <=20.0.0-next.5) +44 more potentially affected by CVE-2025-32395 via vite (>=6.2.0 <=6.2.5)

vite NPM version =6.2.0, =1.0.0, =19.2.1, =19.2.1, =0.55.0, =0.21.2-4.1, =1.0.0, =1.0.410, =3.8.0, =1.47.0, =5.0.0-alpha.40, =1.0.0-next.1, =2.0.0-next.3 and more Source cves: CVE-2025-32395 Source advisory: OSV:GHSA-356W-63V5-8WF4...

@adhd/react-hooks (=2.2.1), @aklesky/vite-config (>=0.7.9 <=0.9.0) +411 more potentially affected by CVE-2025-31486 via vite (>=5.0.0 <=5.4.16)

vite NPM version =5.0.0, =0.7.9, =17.1.0, =18.0.0, =1.0.25-beta.0, =0.5.0, =2.0.0-beta.0, =0.22.0, =1.0.1, =1.0.0, =1.0.0, =0.9.0, =0.9.8 and more Source cves: CVE-2025-31486 Source advisory: OSV:GHSA-XCJ6-PQ6G-QJ4X...

@angular-devkit/build-angular (>=19.2.0 <=19.2.0-rc.0), @angular/build (>=19.2.0 <=19.2.0-rc.0) +40 more potentially affected by CVE-2025-31486 via vite (>=6.1.0 <=6.1.3)

vite NPM version =6.1.0, =19.2.0, =19.2.0, =1.0.7, =2.12.0, =2.12.0, =11.24.0, =0.0.1739797164641, =1.0.0, =0.0.0-experimental-989cf02-20250217-d62ba1cb, =0.0.0-experimental-80aadca-20250205-e2641483, =0.0.0-snapshot-1e670bae5105bde781e82aa2a8ee4f2dfc2446f0,...

@aicblock/cli (>=1.0.0 <=1.0.1), @angular-devkit/build-angular (>=19.2.1 <=20.0.0-next.4) +43 more potentially affected by CVE-2025-31486 via vite (>=6.2.0 <=6.2.4)

vite NPM version =6.2.0, =1.0.0, =19.2.1, =19.2.1, =0.55.0, =0.21.2-4.1, =1.0.0, =1.0.410, =3.8.0, =1.47.0, =5.0.0-alpha.40, =1.0.0-next.1, =2.0.0-next.3 and more Source cves: CVE-2025-31486 Source advisory: OSV:GHSA-XCJ6-PQ6G-QJ4X...

📄 Angular-Base64-Upload Library Remote Code Execution

Angular-Base64-Upload library unauthenticated remote code execution proof of concept exploit that affects versions prior to 0.1.21. !/bin/python3 Exploit Title: Unauthenticated RCE via Angular-Base64-Upload Library Date: 10 October 2024 Discovered by : Ravindu Wickramasinghe | rvz @rvizx9 Exploit...

Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)

Exploit Title: Angular-Base64-Upload Library 0.1.20 - Remote Code Execution RCE Date: 10 October 2024 Discovered by : Ravindu Wickramasinghe | rvz @rvizx9 Exploit Author: Ravindu Wickramasinghe | rvz @rvizx9 Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload Software Link:...

@angular-devkit/build-angular (>=19.2.0 <=19.2.0-rc.0), @angular/build (>=19.2.0 <=19.2.0-rc.0) +40 more potentially affected by CVE-2025-31125 via vite (>=6.1.0 <=6.1.2)

vite NPM version =6.1.0, =19.2.0, =19.2.0, =1.0.7, =2.12.0, =2.12.0, =11.24.0, =0.0.1739797164641, =1.0.0, =0.0.0-experimental-989cf02-20250217-d62ba1cb, =0.0.0-experimental-80aadca-20250205-e2641483, =0.0.0-snapshot-1e670bae5105bde781e82aa2a8ee4f2dfc2446f0,...

@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +25 more potentially affected by CVE-2025-31125 via vite (>=6.0.0 <=6.0.11)

vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =19.1.5, =5.0.0-alpha.37, =19.1.0, =19.1.0, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.3.0-dev.12 and more Source cves: CVE-2025-31125 Source advisory:...

@aicblock/cli (>=1.0.0 <=1.0.1), @angular-devkit/build-angular (>=19.2.1 <=20.0.0-next.3) +40 more potentially affected by CVE-2025-31125 via vite (>=6.2.0 <=6.2.3)

vite NPM version =6.2.0, =1.0.0, =19.2.1, =19.2.1, =0.55.0, =0.21.2-4.1, =1.0.0, =1.0.410, =3.8.0, =5.0.0-alpha.40, =1.0.0-next.1, =2.0.0-next.3 and more Source cves: CVE-2025-31125 Source advisory: OSV:GHSA-4R4M-QW57-CHR8...

@angular-devkit/build-angular (>=19.2.0 <=19.2.0-rc.0), @angular/build (>=19.2.0 <=19.2.0-rc.0) +39 more potentially affected by CVE-2025-30208 via vite (>=6.1.0 <=6.1.1)

vite NPM version =6.1.0, =19.2.0, =19.2.0, =1.0.7, =2.12.0, =2.12.0, =11.24.0, =0.0.1739797164641, =1.0.0, =0.0.0-experimental-989cf02-20250217-d62ba1cb, =0.0.0-experimental-80aadca-20250205-e2641483, =0.0.0-snapshot-1e670bae5105bde781e82aa2a8ee4f2dfc2446f0,...

@aicblock/cli (>=1.0.0 <=1.0.1), @angular-devkit/build-angular (>=19.2.1 <=20.0.0-next.2) +33 more potentially affected by CVE-2025-30208 via vite (>=6.2.0 <=6.2.2)

vite NPM version =6.2.0, =1.0.0, =19.2.1, =19.2.1, =0.55.0, =1.0.0, =1.0.410, =5.0.0-alpha.40, =1.0.0-next.1, =3.0.0, =19.1.1, =19.1.1, =19.1.3-snapshot-1744784398463 and more Source cves: CVE-2025-30208 Source advisory: OSV:GHSA-X574-M823-4X7W...

@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +25 more potentially affected by CVE-2025-30208 via vite (>=6.0.0 <=6.0.11)

vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =19.1.5, =5.0.0-alpha.37, =19.1.0, =19.1.0, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.3.0-dev.12 and more Source cves: CVE-2025-30208 Source advisory:...

Malicious code in angular-remove-diacritics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5abbdf7a3253b0f21066be1be90dc829f3e83d3cd402e748a428c5a1b36f4918 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2295 Malicious code in angular-remove-diacritics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5abbdf7a3253b0f21066be1be90dc829f3e83d3cd402e748a428c5a1b36f4918 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Linux Distros Unpatched Vulnerability : CVE-2023-26117

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecur...

Linux Distros Unpatched Vulnerability : CVE-2023-26118

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular...

Linux Distros Unpatched Vulnerability : CVE-2023-26116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service ReDoS via the angular.copy utility function due to the usage ...