CVE-2022-25844
MEDIUMangularjs >=1.7.0 - Regular Expression Denial of Service via Custom Locale Rule
Title source: llmDescription
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.
References (9)
Core 9
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220629-0009/
Exploit, Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736
Exploit, Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738
Exploit, Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737
Exploit, Third Party Advisory
https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
Exploit, Third Party Advisory
https://stackblitz.com/edit/angularjs-material-blank-zvtdvb
Scores
CVSS v3
5.3
EPSS
0.0437
EPSS Percentile
90.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-1333
Status
published
Products (5)
angularjs/angularjs
1.7.0
fedoraproject/fedora
35
fedoraproject/fedora
36
netapp/ontap_select_deploy_administration_utility
npm/angular
1.7.0npm
Published
May 01, 2022
Tracked Since
Feb 18, 2026