Vulnerabilities > CVE-2023-26118

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

angularjs

fedoraproject

NVD

Published: 2023-03-30

Updated: 2023-11-07

Summary

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Vulnerable Configurations

Part	Description	Count
Application	Angularjs Angularjs Angular 1.7.0 Angularjs Angular 1.7.1 Angularjs Angular 1.7.2 Angularjs Angular 1.7.3 Angularjs Angular 1.7.4 Angularjs Angular 1.7.5 Angularjs Angular 1.7.6 Angularjs Angular 1.7.7 Angularjs Angular 1.7.8 Angularjs Angular 1.7.9 Angularjs Angular 1.8.0 Angularjs Angular 1.8.1 Angularjs Angular 1.8.2 Angularjs Angular 1.8.3	14
OS	Fedoraproject Fedoraproject Fedora 38	1

Vulnerabilities > CVE-2023-26118 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2023-26118"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2023-26118