CVE-2023-26118

Name of the Vulnerable Software and Affected Versions angular versions 1.4.9 and later

Description The issue is related to the usage of an insecure regular expression in the input[url] functionality of the angular package, which can lead to a Regular Expression Denial of Service (ReDoS) via the element. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. This can allow a remote attacker to cause a denial of service.

Recommendations For angular versions 1.4.9 and later, consider disabling the input[url] functionality until a patch is available. Restrict access to the element to minimize the risk of exploitation. Avoid using the input[url] functionality with large or untrusted inputs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.