NodeJS/angular/1.8.2

HTML enhanced for web apps

Repo Link: https://www.npmjs.com/package/angular
License: MIT

6 Security Vulnerabilities

angular vulnerable to regular expression denial of service via the $resource service

Published date: 2023-03-30T06:30:26Z

CVE: CVE-2023-26117

Links:

All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Affected versions: ["0.0.1", "0.0.1-1", "0.0.1-2", "0.0.2", "0.0.3", "0.0.4", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.0.6", "1.0.7", "1.0.8", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.7", "1.2.8", "1.2.9", "1.2.10", "1.2.11", "1.2.12", "1.2.13", "1.2.14", "1.2.15", "1.2.16", "1.2.17", "1.2.18", "1.2.19", "1.2.20", "1.2.21", "1.2.22", "1.2.23", "1.3.0-rc.5", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4-build.3588", "1.2.27", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.2.28", "1.3.8", "1.4.0-beta.0", "1.3.9", "1.3.10", "1.4.0-beta.1", "1.4.0-beta.2", "1.3.11", "1.4.0-beta.3", "1.3.12", "1.3.13", "1.4.0-beta.4", "1.3.14", "1.4.0-beta.5", "1.4.0-beta.6", "1.3.15", "1.4.0-rc.0", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0", "1.3.16", "1.4.1", "1.4.2", "1.3.17", "1.4.3", "1.4.4", "1.3.18", "1.4.5", "1.3.19", "1.4.6", "1.5.0-beta.0", "1.2.29", "1.3.20", "1.4.7", "1.5.0-beta.2", "1.4.8", "1.5.0-rc.0", "1.5.0-rc.1", "1.4.9", "1.5.0-rc.2", "1.5.0", "1.5.1", "1.4.10", "1.5.2", "1.5.3", "1.5.5", "1.4.11", "1.5.6", "1.4.12", "1.5.7", "1.2.30", "1.5.8", "1.4.13", "1.2.31", "1.2.32", "1.4.14", "1.6.0-rc.0", "1.6.0-rc.1", "1.5.9", "1.6.0-rc.2", "1.6.0", "1.5.10", "1.6.1", "1.5.11", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.6.10", "1.7.0-rc.0", "1.7.0", "1.7.1", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9", "1.8.0", "1.8.1", "1.8.2", "1.8.3"]

Secure versions: []

angular vulnerable to regular expression denial of service via the angular.copy() utility

Published date: 2023-03-30T06:30:26Z

CVE: CVE-2023-26116

Links:

All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Secure versions: []

angular vulnerable to super-linear runtime due to backtracking

Published date: 2024-02-10T06:30:19Z

CVE: CVE-2024-21490

Links:

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service.

Note:

This package is EOL and will not receive any updates to address this issue. Users should migrate to @angular/core.

Affected versions: ["1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4-build.3588", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.3.8", "1.4.0-beta.0", "1.3.9", "1.3.10", "1.4.0-beta.1", "1.4.0-beta.2", "1.3.11", "1.4.0-beta.3", "1.3.12", "1.3.13", "1.4.0-beta.4", "1.3.14", "1.4.0-beta.5", "1.4.0-beta.6", "1.3.15", "1.4.0-rc.0", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0", "1.3.16", "1.4.1", "1.4.2", "1.3.17", "1.4.3", "1.4.4", "1.3.18", "1.4.5", "1.3.19", "1.4.6", "1.5.0-beta.0", "1.3.20", "1.4.7", "1.5.0-beta.2", "1.4.8", "1.5.0-rc.0", "1.5.0-rc.1", "1.4.9", "1.5.0-rc.2", "1.5.0", "1.5.1", "1.4.10", "1.5.2", "1.5.3", "1.5.5", "1.4.11", "1.5.6", "1.4.12", "1.5.7", "1.5.8", "1.4.13", "1.4.14", "1.6.0-rc.0", "1.6.0-rc.1", "1.5.9", "1.6.0-rc.2", "1.6.0", "1.5.10", "1.6.1", "1.5.11", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.6.10", "1.7.0-rc.0", "1.7.0", "1.7.1", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9", "1.8.0", "1.8.1", "1.8.2", "1.8.3"]

Secure versions: []

angular vulnerable to regular expression denial of service (ReDoS)

Published date: 2022-05-03T00:00:44Z

CVE: CVE-2022-25844

Links:

AngularJS lets users write client-side web applications. The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value.

Note: 1. This package has been deprecated and is no longer maintained. 2. The vulnerable versions are 1.7.0 and higher.

Affected versions: ["1.7.0", "1.7.1", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9", "1.8.0", "1.8.1", "1.8.2", "1.8.3"]

Secure versions: []

Angular (deprecated package) Cross-site Scripting

Published date: 2022-07-16T00:00:20Z

CVE: CVE-2022-25869

Links:

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

NPM package angular is deprecated. Those who want to receive security updates should use the actively maintained package @angular/core.

Secure versions: []

angular vulnerable to regular expression denial of service via the <input type="url"> element

Published date: 2023-03-30T06:30:25Z

CVE: CVE-2023-26118

Links:

All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Secure versions: []

144 Other Versions

Version	License	Security	Released
1.8.3	MIT	6	2022-04-07 - 22:12	about 2 years
1.8.2	MIT	6	2020-10-21 - 11:58	over 3 years
1.8.1	MIT	6	2020-10-05 - 13:27	over 3 years
1.8.0	MIT	6	2020-06-04 - 16:24	almost 4 years
1.7.9	MIT	8	2019-11-19 - 09:30	over 4 years
1.7.8	MIT	9	2019-03-11 - 11:41	about 5 years
1.7.7	MIT	9	2019-02-04 - 13:18	about 5 years
1.7.6	MIT	9	2019-01-17 - 09:45	over 5 years
1.7.5	MIT	9	2018-10-04 - 14:16	over 5 years
1.7.4	MIT	9	2018-09-07 - 09:30	over 5 years
1.7.3	MIT	9	2018-08-08 - 19:19	over 5 years
1.7.2	MIT	9	2018-06-12 - 15:27	almost 6 years
1.7.1	MIT	9	2018-06-08 - 14:32	almost 6 years
1.7.0	MIT	9	2018-05-11 - 15:01	almost 6 years
1.7.0-rc.0	MIT	8	2018-04-19 - 09:09	about 6 years
1.6.10	MIT	8	2018-04-17 - 17:48	about 6 years
1.6.9	MIT	8	2018-02-02 - 13:13	about 6 years
1.6.8	MIT	8	2017-12-21 - 22:09	over 6 years
1.6.7	MIT	8	2017-11-24 - 18:20	over 6 years
1.6.6	MIT	8	2017-08-18 - 14:39	over 6 years
1.6.5	MIT	8	2017-07-03 - 19:52	almost 7 years
1.6.4	MIT	8	2017-03-31 - 09:31	about 7 years
1.6.3	MIT	8	2017-03-08 - 12:38	about 7 years
1.6.2	MIT	8	2017-02-07 - 13:59	about 7 years
1.6.1	MIT	8	2016-12-23 - 11:00	over 7 years
1.6.0	MIT	8	2016-12-08 - 12:16	over 7 years
1.6.0-rc.2	MIT	9	2016-11-24 - 22:07	over 7 years
1.6.0-rc.1	MIT	9	2016-11-21 - 14:01	over 7 years
1.6.0-rc.0	MIT	9	2016-10-27 - 20:13	over 7 years
1.5.11	MIT	9	2017-01-12 - 23:45	over 7 years
1.5.10	MIT	9	2016-12-16 - 10:47	over 7 years
1.5.9	MIT	9	2016-11-24 - 20:17	over 7 years
1.5.8	MIT	9	2016-07-22 - 15:29	almost 8 years
1.5.7	MIT	9	2016-06-15 - 19:26	almost 8 years
1.5.6	MIT	9	2016-05-27 - 17:30	almost 8 years
1.5.5	MIT	9	2016-04-18 - 09:47	about 8 years
1.5.3	MIT	9	2016-03-25 - 20:35	about 8 years
1.5.2	MIT	9	2016-03-18 - 22:59	about 8 years
1.5.1	MIT	9	2016-03-16 - 13:35	about 8 years
1.5.0	MIT	9	2016-02-05 - 12:01	about 8 years
1.5.0-rc.2	MIT	9	2016-01-28 - 12:26	about 8 years
1.5.0-rc.1	MIT	9	2016-01-15 - 22:28	over 8 years
1.5.0-rc.0	MIT	9	2015-12-09 - 14:35	over 8 years
1.5.0-beta.2	MIT	9	2015-11-18 - 00:22	over 8 years
1.5.0-beta.0	MIT	10	2015-09-17 - 14:01	over 8 years
1.4.14	MIT	10	2016-10-11 - 17:45	over 7 years
1.4.13	MIT	10	2016-10-10 - 21:46	over 7 years
1.4.12	MIT	10	2016-06-15 - 17:58	almost 8 years
1.4.11	MIT	10	2016-05-27 - 12:17	almost 8 years
1.4.10	MIT	10	2016-03-16 - 19:58	about 8 years
1.4.9	MIT	10	2016-01-21 - 13:22	over 8 years
1.4.8	MIT	10	2015-11-20 - 08:13	over 8 years
1.4.7	MIT	10	2015-09-29 - 23:06	over 8 years
1.4.6	MIT	10	2015-09-17 - 12:28	over 8 years
1.4.5	MIT	10	2015-08-28 - 19:58	over 8 years
1.4.4	MIT	10	2015-08-13 - 18:56	over 8 years
1.4.3	MIT	10	2015-07-15 - 02:01	almost 9 years
1.4.2	MIT	10	2015-07-06 - 21:30	almost 9 years
1.4.1	MIT	10	2015-06-16 - 14:11	almost 9 years
1.4.0	MIT	10	2015-05-27 - 01:48	almost 9 years
1.4.0-rc.2	MIT	10	2015-05-12 - 19:24	almost 9 years
1.4.0-rc.1	MIT	10	2015-04-24 - 18:59	about 9 years
1.4.0-rc.0	MIT	10	2015-04-10 - 18:09	about 9 years
1.4.0-beta.6	MIT	10	2015-03-17 - 12:17	about 9 years
1.4.0-beta.5	MIT	10	2015-02-24 - 19:39	about 9 years
1.4.0-beta.4	MIT	10	2015-02-09 - 11:29	about 9 years
1.4.0-beta.3	MIT	10	2015-02-03 - 21:36	about 9 years
1.4.0-beta.2	MIT	10	2015-01-26 - 23:14	about 9 years
1.4.0-beta.1	MIT	10	2015-01-20 - 20:55	over 9 years
1.4.0-beta.0	MIT	10	2015-01-14 - 21:25	over 9 years
1.3.20	MIT	10	2015-09-29 - 22:34	over 8 years
1.3.19	MIT	10	2015-09-16 - 21:19	over 8 years
1.3.18	MIT	10	2015-08-18 - 22:40	over 8 years
1.3.17	MIT	10	2015-07-06 - 21:53	almost 9 years
1.3.16	MIT	10	2015-06-05 - 21:20	almost 9 years
1.3.15	MIT	10	2015-03-17 - 13:15	about 9 years
1.3.14	MIT	10	2015-02-24 - 19:10	about 9 years
1.3.13	MIT	10	2015-02-09 - 11:10	about 9 years
1.3.12	MIT	10	2015-02-03 - 21:51	about 9 years
1.3.11	MIT	10	2015-01-26 - 23:34	about 9 years
1.3.10	MIT	10	2015-01-20 - 20:39	over 9 years
1.3.9	MIT	10	2015-01-14 - 23:22	over 9 years
1.3.8	MIT	10	2014-12-19 - 21:43	over 9 years
1.3.7	MIT	10	2014-12-15 - 22:02	over 9 years
1.3.6	MIT	10	2014-12-09 - 00:28	over 9 years
1.3.5	MIT	10	2014-12-02 - 05:35	over 9 years
1.3.4	MIT	10	2014-11-24 - 23:46	over 9 years
1.3.4-build.3588	MIT	10	2014-11-20 - 22:52	over 9 years
1.3.3	MIT	10	2014-11-18 - 08:09	over 9 years
1.3.2	MIT	10	2014-11-07 - 19:31	over 9 years
1.3.1	MIT	10	2014-10-31 - 17:49	over 9 years
1.3.0	MIT	10	2014-10-13 - 22:39	over 9 years
1.3.0-rc.5	MIT	9	2014-10-08 - 23:07	over 9 years
1.2.32	MIT	9	2016-10-11 - 17:12	over 7 years
1.2.31	MIT	9	2016-10-11 - 08:53	over 7 years
1.2.30	MIT	9	2016-07-21 - 10:34	almost 8 years
1.2.29	MIT	9	2015-09-29 - 22:02	over 8 years
1.2.28	MIT	9	2014-12-15 - 22:36	over 9 years
1.2.27	MIT	9	2014-11-20 - 23:32	over 9 years
1.2.23	MIT	9	2014-08-31 - 00:18	over 9 years