Bug 2183110 (CVE-2023-26118) - CVE-2023-26118 angularjs: Regular Expression Denial of Service via the <input type="url"> element
Keywords:
Status: NEW
Alias: CVE-2023-26118
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2208194 2208198 2207892 2207893 2208195 2208196 2208197 2208199 2208200 2208201 2211108 2211110 2211111 2211113 2211114 2211115 2211117 2211118 2211120 2211121 2211123 2211124 2211125 2211126 2211127
Blocks: 2183111
Reported: 2023-03-30 12:21 UTC by Pedro Sampaio
Modified: 2024-03-29 03:35 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in AngularJS: the regular expression used by the input[url] validator is subject to catastrophic backtracking, a regular expression denial of service (ReDoS). By supplying a large, specially crafted input string to the field, a remote attacker can cause a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Pedro Sampaio 2023-03-30 12:21:51 UTC
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible with a large, carefully crafted input, which can result in catastrophic backtracking.

References:

https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046

Comment 3 Avinash Hanwate 2023-05-18 08:50:32 UTC
Created firefox tracking bugs for this issue:

Affects: fedora-all [bug 2208194]


Created icecat tracking bugs for this issue:

Affects: fedora-all [bug 2208195]


Created mozjs102 tracking bugs for this issue:

Affects: fedora-all [bug 2208196]


Created mozjs78 tracking bugs for this issue:

Affects: fedora-all [bug 2208197]


Created qpid-dispatch tracking bugs for this issue:

Affects: openstack-rdo [bug 2208199]


Created thunderbird tracking bugs for this issue:

Affects: fedora-all [bug 2208198]

Comment 7 Tomas Popela 2023-05-30 14:52:53 UTC
@mrehak please don't open any bugs for RHEL 8 Firefox and Thunderbird Flatpaks as these were obsoleted by their RHEL 9 version at the time of RHEL 8.7.0 GA. I was assured several times that the templates/scripts that Product Security is using will be/were adapted, but still bugs are opened for these.
