Security Advisory

CVE-2023-26118

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-30 05:00:02
Last updated 2025-11-03 19:28:08
Assigner snyk
State PUBLISHED

Description

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.