SB2023081008 - Regular expression denial of service in AngularJS 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023081008

SB2023081008 - Regular expression denial of service in AngularJS

Published: August 10, 2023 Updated: October 9, 2023

Security Bulletin ID SB2023081008
Severity
Medium
Patch available
NO
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Inefficient regular expression complexity (CVE-ID: CVE-2023-26117)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing untrusted input passed via the $resource service. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


2) Inefficient regular expression complexity (CVE-ID: CVE-2023-26116)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


3) Inefficient regular expression complexity (CVE-ID: CVE-2023-26118)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions in the input[url] functionality. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References