CVE-2024-21490

SOURCE - github

Summary

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. Note: This package is EOL and will not receive any updates to address this issue. Users should migrate to @angular/core.

EPSS Score: 0.00052 (0.196)

Common Weakness Enumeration (CWE)

SOURCE - nist

Inefficient Regular Expression Complexity

SOURCE - github

Inefficient Regular Expression Complexity

SOURCE - gitlab

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Inefficient Regular Expression Complexity

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

SOURCE - redhat

Inefficient Regular Expression Complexity


nist

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

github

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

debian

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

ubuntu

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

gitlab

CREATED


UPDATED


SOURCE ID

CVE-2024-21490


EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

redhat

CREATED


UPDATED



EXPLOITABILITY SCORE

3.9


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5medium

inthewild

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND

-


COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE