CVE-2023-26117

SOURCE - github

Summary

All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

EPSS Score: 0.00171 (0.539)

Common Weakness Enumeration (CWE)

SOURCE - nist

Inefficient Regular Expression Complexity

SOURCE - github

Inefficient Regular Expression Complexity

SOURCE - gitlab

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Inefficient Regular Expression Complexity

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

SOURCE - redhat

Inefficient Regular Expression Complexity


nist

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.3medium

github

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.3medium

debian

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

ubuntu

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium

gitlab

CREATED


UPDATED


SOURCE ID

CVE-2023-26117


EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.3medium

redhat

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.3medium

inthewild

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND

-


COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE