CVE-2023-26116

5.3 MEDIUM
Published: March 30, 2023 Modified: November 20, 2025

Description

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function, which uses an insecure regular expression. The vulnerability can be exploited with a large, carefully crafted input, which can result in catastrophic backtracking.

CVSS v3.x Details

Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References to Advisories, Solutions, and Tools

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320
Source: report@snyk.io
Exploit Third Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322
Source: report@snyk.io
Exploit Third Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321
Source: report@snyk.io
Exploit Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
Source: report@snyk.io
Exploit Third Party Advisory
https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos
Source: report@snyk.io
Exploit Third Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory

15 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.3 / 10.0
EPSS (Exploit Probability)
0.3%
56th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

angularjs, fedoraproject