🛡 H3lium@infosec.exchange/:~#
<p>"AngularJS ReDoS Vulnerability Alert - Affecting EOL angular package, versions >=1.3.0 🚨🛡️"</p>
<p>A newly disclosed vulnerability in AngularJS, identified as CVE-2024-21490, poses a risk to web applications by enabling <a href="https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS" rel="nofollow noopener" target="_blank">Regular Expression Denial of Service (ReDoS)</a> attacks. This flaw affects all AngularJS versions before 1.8.3, allowing attackers to cause a service disruption by crafting specific inputs that trigger excessive backtracking in regular expressions.</p>
<p>Developers should review their applications for vulnerable patterns and, as this package is EOL, migrate to <a href="https://www.npmjs.com/package/@angular/core" rel="nofollow noopener" target="_blank">@angular/core</a>. A <a href="https://infosec.exchange/tags/PoC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PoC</span></a> example of exploiting this vulnerability can also be found in a live demo on StackBlitz, showing the attack's mechanics and potential impact on AngularJS applications.</p>
<p>Tags: <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://infosec.exchange/tags/AngularJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AngularJS</span></a> <a href="https://infosec.exchange/tags/ReDoS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ReDoS</span></a> <a href="https://infosec.exchange/tags/PatchManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PatchManagement</span></a> <a href="https://infosec.exchange/tags/WebDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebDevelopment</span></a> <a href="https://infosec.exchange/tags/SecureCoding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecureCoding</span></a> 🌍🔑💻</p>
<p>Source: NVD - <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-21490" rel="nofollow noopener" target="_blank">CVE-2024-21490</a>, Snyk - <a href="https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113" rel="nofollow noopener" target="_blank">SNYK-JS-ANGULAR-6091113</a>, StackBlitz Demo - <a href="https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos?file=index.js" rel="nofollow noopener" target="_blank">AngularJS Vulnerability</a></p>
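<p>One way to start the review the post recommends, as an added example that is not part of the original post or of AngularJS: a Node.js function that lists every installed copy of the <code>angular</code> package at or above 1.3.0 in a parsed package-lock.json, including nested copies pulled in by other dependencies. It assumes the headline's range (>=1.3.0, no upper bound); <code>findAngularJs</code>, <code>isAffected</code> and the sample lockfile are constructed for illustration.</p>

```javascript
// Added example: inventory copies of the EOL `angular` package in an npm lockfile.
// Assumption: affected range is the post's headline range, angular >= 1.3.0.
const AFFECTED_FROM = [1, 3, 0];

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v || ''));
  return m ? m.slice(1).map(Number) : null;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return false; // git/file/unparseable specs need manual review
  for (let i = 0; i < 3; i++) {
    if (v[i] !== AFFECTED_FROM[i]) return v[i] > AFFECTED_FROM[i];
  }
  return true; // exactly 1.3.0
}

function findAngularJs(lock) {
  const hits = [];
  const record = (name, path, version) => {
    // Exact name match: `@angular/core` and other scoped packages are not AngularJS.
    if (name === 'angular' && isAffected(version)) hits.push({ path, version });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry
    record(meta.name || path.split('node_modules/').pop(), path, meta.version);
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      record(name, path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '0.0.1' },
  'node_modules/angular': { version: '1.7.9' },
  'node_modules/@angular/core': { version: '17.0.0' },
  'node_modules/legacy-widget/node_modules/angular': { version: '1.2.32' },
  'node_modules/old-admin/node_modules/angular': { version: '1.5.11' },
} };
console.log(findAngularJs(sampleLock));
```

<p>In a project, pass it <code>JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))</code>; copies loaded from a CDN or vendored into the repository do not appear in the lockfile and need a separate search.</p>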