
Debian LTS: Angular.js Critical ReDoS Issues DLA-4242-1 CVE-2022-25844

July 19, 2025
Essential security enhancements for angular.js address several significant vulnerabilities. Prompt upgrade advised for Debian users.
angular.js, a popular JavaScript framework, was affected by multiple vulnerabilities.

Summary

CVE-2022-25844

A Regular Expression Denial of Service (ReDoS) vulnerability
was found: a custom locale rule makes it possible to assign
a very high value to NUMBER_FORMATS.PATTERNS[1].posPre,
as in posPre: ' '.repeat().

CVE-2023-26116

A Regular Expression Denial of Service (ReDoS) was found
via the angular.copy() utility function due to the usage
of an insecure regular expression.

CVE-2023-26117

A Regular Expression Denial of Service (ReDoS) was found
via the $resource service due to the usage of an insecure
regular expression.

CVE-2023-26118

A Regular Expression Denial of Service (ReDoS) was found
via the <input type="url"> element due to the usage of an
insecure regular expression in the input[url] functionality.
Exploiting this vulnerability is possible with a large,
carefully crafted input, which can result in catastrophic
backtracking.

CVE-2024-8372

Improper sanitization of the value of the 'srcset'



Severity: critical

Package: angular.js
Version: 1.8.3-1+deb12u1~deb11u1
CVE ID: CVE-2022-25844 CVE-2023-26116 CVE-2023-26117 CVE-2023-26118
Debian Bug: #1014779 #1036694 #1088804 #1088805 #1104485
