angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. References: https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
Created firefox tracking bugs for this issue: Affects: fedora-all [bug 2208175] Created icecat tracking bugs for this issue: Affects: fedora-all [bug 2208177] Created mozjs102 tracking bugs for this issue: Affects: fedora-all [bug 2208178] Created mozjs78 tracking bugs for this issue: Affects: fedora-all [bug 2208179] Created qpid-dispatch tracking bugs for this issue: Affects: openstack-rdo [bug 2208182] Created thunderbird tracking bugs for this issue: Affects: fedora-all [bug 2208180]