Home > Vulnerability Database > CVE-2023-26116

Mend.io Vulnerability Database

CVE-2023-26116

Date: March 30, 2023

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Language: JS

Severity Score

8.8

Related Resources (6)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-26116

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/

Url: https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos

Url: https://access.redhat.com/security/cve/CVE-2023-26116

Url: https://www.mend.io/vulnerability-database/CVE-2023-26116

Severity Score

8.8

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-26116

Date: March 30, 2023

Language: JS

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?