angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. References: https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
Created firefox tracking bugs for this issue: Affects: fedora-all [bug 2208184] Created icecat tracking bugs for this issue: Affects: fedora-all [bug 2208185] Created mozjs102 tracking bugs for this issue: Affects: fedora-all [bug 2208186] Created mozjs78 tracking bugs for this issue: Affects: fedora-all [bug 2208187] Created qpid-dispatch tracking bugs for this issue: Affects: openstack-rdo [bug 2208190] Created thunderbird tracking bugs for this issue: Affects: fedora-all [bug 2208188]