cvedb.io
CVE-2023-26116
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2023-03-30T05:15:07.410 · Last modified 2026-06-17T05:42:42.777

Summary

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Affected products

angularjs — angularjs

Does this affect you?

Add your gear to cvedb and we'll alert you only when angularjs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.