CVE-2022-25844

Summary

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.

Affected Software

VendorProductVersion RangeStatus
n/aangularnext of 1.7.0 < unspecifiedaffected

Weaknesses

  • Regular Expression Denial of Service (ReDoS)

ADP Enrichment

CVE Program Container

Additional References

References