Vulnerability Database
296,746
Total vulnerabilities in the database
CVE-2024-21490
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service.
Note:
This package is EOL and will not receive any updates to address this issue. Users should migrate to @angular/core.
| Software | From | Fixed in |
|---|---|---|
@schematics / angular
|
1.3.0 | 1.8.3.x |
org.webjars.npm / angular
|
1.3.0 | 1.8.3.x |
|
org.webjars.bower / angular
|
1.3.0 | 1.8.3.x |
| angularjs / angular.js | 1.3.0 | 1.3.0.x |
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747
- https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
- https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos
- https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime