F5-K000141463

First published: Tue Oct 15 2024(Updated: )

CVE-2019-10768 In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload. CVE-2023-26116 Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. CVE-2023-26117 Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. CVE-2023-26118 Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/f5-advisory
• source/F5
• alias/CVE-2019-10768
• alias/CVE-2023-26116
• alias/CVE-2023-26117
• alias/CVE-2023-26118
• agent/software-canonical-lookup
• agent/references
• agent/last-modified-date
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/first-publish-date
• agent/description
• agent/event
• agent/type
• vendor/f5
• canonical/f5 big-ip
• version/f5 big-ip/17.1.0
• version/f5 big-ip/17.1.1
• version/f5 big-ip/16.1.0
• version/f5 big-ip/16.1.5
• version/f5 big-ip/15.1.0
• version/f5 big-ip/15.1.10