PT-2022-6868 · Google+3 · Angular+3

Michael Prentice · Published 2022-05-01 · Updated 2026-01-14 · CVE-2022-25844

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

angular versions 1.7.0 and higher

Description

The issue is a regular expression with inefficient computational complexity in Angular, an application design environment and platform for developing single-page applications. A remote attacker can exploit it to cause a denial of service. The vulnerability is triggered by providing a custom locale rule that assigns an excessively long value to the posPre parameter in NUMBER_FORMATS.PATTERNS[1].posPre using the ' '.repeat() method.

Recommendations

For versions 1.7.0 and higher, consider disabling the custom locale rule functionality until a fix is available, or restrict the posPre parameter in NUMBER_FORMATS.PATTERNS[1].posPre so that it cannot be assigned high values. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
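One way to apply the posPre restriction recommended above, as an added example that is not part of the advisory or of the Angular code base: a gate that rejects a custom locale whose number-pattern affixes are too long. The function names, the 16-character limit, the sample locale, and the extension of the check to posSuf, negPre and negSuf are assumptions that go beyond what the advisory states.

```javascript
// Added example, not AngularJS code. The length limit is an assumed policy value.
const AFFIX_FIELDS = ['posPre', 'posSuf', 'negPre', 'negSuf'];
const MAX_AFFIX_LENGTH = 16;

// Return one finding per affix that is not a string or is longer than maxLen.
function findUnsafeAffixes(locale, maxLen = MAX_AFFIX_LENGTH) {
  const patterns = locale && locale.NUMBER_FORMATS && locale.NUMBER_FORMATS.PATTERNS;
  if (!Array.isArray(patterns)) {
    return [{ path: 'NUMBER_FORMATS.PATTERNS', reason: 'missing or not an array' }];
  }
  const findings = [];
  patterns.forEach((pattern, i) => {
    for (const field of AFFIX_FIELDS) {
      const path = `NUMBER_FORMATS.PATTERNS[${i}].${field}`;
      const value = pattern == null ? undefined : pattern[field];
      if (typeof value !== 'string') {
        findings.push({ path, reason: 'not a string' });
      } else if (value.length > maxLen) {
        findings.push({ path, reason: `length ${value.length} exceeds ${maxLen}` });
      }
    }
  });
  return findings;
}

// Gate to call before a custom locale reaches the application; throws on any finding.
function assertSafeLocale(locale, maxLen = MAX_AFFIX_LENGTH) {
  const findings = findUnsafeAffixes(locale, maxLen);
  if (findings.length > 0) {
    const detail = findings.map((f) => `${f.path} (${f.reason})`).join('; ');
    throw new Error(`custom locale rejected: ${detail}`);
  }
  return locale;
}

// Constructed sample locale: decimal pattern at index 0, currency pattern at index 1.
function sampleLocale(currencyPosPre) {
  return {
    NUMBER_FORMATS: {
      PATTERNS: [
        { posPre: '', posSuf: '', negPre: '-', negSuf: '' },
        { posPre: currencyPosPre, posSuf: '', negPre: '-\u00a4', negSuf: '' },
      ],
    },
  };
}

console.log(findUnsafeAffixes(sampleLocale('\u00a4')));         // ordinary currency prefix
console.log(findUnsafeAffixes(sampleLocale(' '.repeat(1000)))); // oversized prefix
```

Calling assertSafeLocale at the point where locale data enters the application, before it is handed to the framework, keeps oversized affixes away from the number-formatting code.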

Exploit

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2023-05239
CVE-2022-25844
DLA-4242-1
GHSA-M2H2-264F-F486
MGASA-2023-0215
SNYK-JAVA-ORGWEBJARSBOWER-2772736
SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738
SNYK-JAVA-ORGWEBJARSNPM-2772737
SNYK-JS-ANGULAR-2772735
USN-7958-1

Affected Products

Angular
Debian
Linuxmint
Ubuntu