VYPR
High severityNVD Advisory· Published Feb 10, 2024· Updated Nov 3, 2025

CVE-2024-21490

CVE-2024-21490

Description

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. Note: This package is EOL and will not receive any updates to address this issue. Users should migrate to @angular/core.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
angularnpm
>= 1.3.0, <= 1.8.3
org.webjars.npm:angularMaven
>= 1.3.0, <= 1.8.3
org.webjars.bower:angularMaven
>= 1.3.0, <= 1.8.3

Affected products

8

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.