Moderate severityOSV Advisory· Published Mar 30, 2023· Updated Nov 3, 2025
CVE-2023-26117
CVE-2023-26117
Description
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
angularnpm | <= 1.8.3 | — |
Affected products
6- Range: v1.0.0, v1.0.1, v1.1.0, …
- osv-coords5 versionspkg:apk/chainguard/solrpkg:apk/chainguard/solr-oci-compatpkg:apk/wolfi/solrpkg:apk/wolfi/solr-oci-compatpkg:npm/angular
< 9.10.0-r0+ 4 more
- (no CPE)range: < 9.10.0-r0
- (no CPE)range: < 9.9.0-r3
- (no CPE)range: < 9.10.0-r0
- (no CPE)range: < 9.9.0-r3
- (no CPE)range: <= 1.8.3
Patches
Vulnerability mechanics
References
12- github.com/advisories/GHSA-2qqx-w9hr-q5gxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-26117ghsaADVISORY
- lists.debian.org/debian-lts-announce/2025/07/msg00005.htmlghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55KghsaWEB
- security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323ghsaWEB
- security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325ghsaWEB
- security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324ghsaWEB
- security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045ghsaWEB
- stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redosghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/mitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/mitre
News mentions
0No linked articles in our index yet.