Sign In

CVE-2023-26117

SOURCE - github

Summary

All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

EPSS Score: 0.00201 (0.581)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-1333

Inefficient Regular Expression Complexity

SOURCE - github

CWE-1333

Inefficient Regular Expression Complexity

SOURCE - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-1333

Inefficient Regular Expression Complexity

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

SOURCE - redhat

CWE-1333

Inefficient Regular Expression Complexity

Sources (7)

Impacted images

NIST

CREATED

UPDATED

SOURCE IDCVE-2023-26117
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1333

CVSS SCORE

5.3medium

GitHub

CREATED

UPDATED

SOURCE IDGHSA-2qqx-w9hr-q5gx
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1333

CVSS SCORE

5.3medium

Debian

CREATED

UPDATED

SOURCE IDCVE-2023-26117
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

Ubuntu

CREATED

UPDATED

SOURCE IDCVE-2023-26117
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium

GitLab

CREATED

UPDATED

SOURCE ID

CVE-2023-26117

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-1333CWE-937

CVSS SCORE

5.3medium

Red Hat

CREATED

UPDATED

SOURCE IDCVE-2023-26117
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1333

CVSS SCORE

5.3medium

intheWild

CREATED

UPDATED

SOURCE IDCVE-2023-26117
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE