CVE-2023-26117

Name of the Vulnerable Software and Affected Versions angular versions 1.0.0 and later

Description The issue is related to the $resource service in angular, which uses an insecure regular expression. This can lead to a Regular Expression Denial of Service (ReDoS) when a large, carefully-crafted input is provided, resulting in catastrophic backtracking. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For angular versions 1.0.0 and later, consider disabling the $resource service until a patch is available to prevent potential exploitation. Restrict access to the $resource service to minimize the risk of denial of service attacks. Avoid using the $resource service with large, untrusted inputs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.