Moderate severityNVD Advisory· Published May 1, 2022· Updated Nov 3, 2025
Regular Expression Denial of Service (ReDoS)
CVE-2022-25844
Description
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. Note: 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
angularnpm | >= 1.7.0 | — |
Affected products
6- osv-coords5 versionspkg:apk/chainguard/solrpkg:apk/chainguard/solr-oci-compatpkg:apk/wolfi/solrpkg:apk/wolfi/solr-oci-compatpkg:npm/angular
< 9.10.0-r0+ 4 more
- (no CPE)range: < 9.10.0-r0
- (no CPE)range: < 9.9.0-r3
- (no CPE)range: < 9.10.0-r0
- (no CPE)range: < 9.9.0-r3
- (no CPE)range: >= 1.7.0
Patches
Vulnerability mechanics
References
16- github.com/advisories/GHSA-m2h2-264f-f486ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2022-25844ghsaADVISORY
- lists.debian.org/debian-lts-announce/2025/07/msg00005.htmlghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOOghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOOghsaWEB
- security.netapp.com/advisory/ntap-20220629-0009ghsaWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736ghsaWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738ghsaWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737ghsaWEB
- snyk.io/vuln/SNYK-JS-ANGULAR-2772735ghsaWEB
- stackblitz.com/edit/angularjs-material-blank-zvtdvbghsaWEB
- security.netapp.com/advisory/ntap-20220629-0009/mitre
News mentions
0No linked articles in our index yet.