CVE-2022-25844
ADVISORY - githubSummary
AngularJS lets users write client-side web applications. The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value.
Note:
- This package has been deprecated and is no longer maintained.
- The vulnerable versions are 1.7.0 and higher.
EPSS Score: 0.00546 (0.670)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Inefficient Regular Expression Complexity
ADVISORY - github
ADVISORY - gitlab
ADVISORY - redhat
Allocation of Resources Without Limits or Throttling
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in