{"url":"http://public2.vulnerablecode.io/api/packages/1050851?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1","type":"deb","namespace":"debian","name":"angular.js","version":"1.8.3-1+deb12u1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13713?format=json","vulnerability_id":"VCID-1x1p-ye9j-rug4","summary":"Improper sanitization of the value of the `[srcset]` attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .\n\nThis issue affects AngularJS versions 1.3.0-rc.4 and greater.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8372.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8372","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0338","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03335","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03336","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03346","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03225","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03215","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03261","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03289","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0331","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03305","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03296","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03285","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04529","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8372"},{"reference_url":"https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:06:37Z/"}],"url":"https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8372"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8372","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8372"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241122-0002","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241122-0002"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2024-8372","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:06:37Z/"}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2024-8372"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088804","reference_id":"1088804","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088804"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310871","reference_id":"2310871","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310871"},{"reference_url":"https://github.com/advisories/GHSA-m9gf-397r-hwpg","reference_id":"GHSA-m9gf-397r-hwpg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m9gf-397r-hwpg"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050851?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1"}],"aliases":["CVE-2024-8372","GHSA-m9gf-397r-hwpg"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1x1p-ye9j-rug4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16999?format=json","vulnerability_id":"VCID-6map-62jp-tkgu","summary":"angular vulnerable to regular expression denial of service via the $resource service\nAll versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26117.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26117.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26117","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50838","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50799","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5084","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50855","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50878","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50781","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50824","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54893","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54808","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54862","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54888","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54868","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54914","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26117"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26117","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26117"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045"},{"reference_url":"https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694","reference_id":"1036694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183108","reference_id":"2183108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183108"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26117","reference_id":"CVE-2023-26117","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26117"},{"reference_url":"https://github.com/advisories/GHSA-2qqx-w9hr-q5gx","reference_id":"GHSA-2qqx-w9hr-q5gx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qqx-w9hr-q5gx"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/","reference_id":"OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/","reference_id":"UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050851?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1"}],"aliases":["CVE-2023-26117","GHSA-2qqx-w9hr-q5gx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6map-62jp-tkgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15362?format=json","vulnerability_id":"VCID-8juz-913g-zfdb","summary":"angular vulnerable to super-linear runtime due to backtracking\nThis affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. \n\n\n**Note:**\n\nThis package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21490.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21490.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21490","reference_id":"","reference_type":"","scores":[{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84648","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84633","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84631","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84623","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84596","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84595","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84594","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84574","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84579","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84583","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84564","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84558","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84533","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84512","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21490"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21490","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21490"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113"},{"reference_url":"https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/"}],"url":"https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos"},{"reference_url":"https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088803","reference_id":"1088803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088803"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263754","reference_id":"2263754","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263754"},{"reference_url":"https://github.com/advisories/GHSA-4w4v-5hc9-xrr2","reference_id":"GHSA-4w4v-5hc9-xrr2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4w4v-5hc9-xrr2"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050851?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1"}],"aliases":["CVE-2024-21490","GHSA-4w4v-5hc9-xrr2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8juz-913g-zfdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13716?format=json","vulnerability_id":"VCID-cfxn-m6af-2kb8","summary":"Improper sanitization of the value of the `[srcset]` attribute in `<source>` HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .\n\nThis issue affects all versions of AngularJS.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8373.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8373.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8373","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02318","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0224","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02245","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02253","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02254","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02276","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02247","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02227","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02236","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02329","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02307","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.023","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02344","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8373"},{"reference_url":"https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:04:03Z/"}],"url":"https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8373","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8373"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241122-0003","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241122-0003"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2024-8373","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:04:03Z/"}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2024-8373"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088805","reference_id":"1088805","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088805"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310872","reference_id":"2310872","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310872"},{"reference_url":"https://github.com/advisories/GHSA-mqm9-c95h-x2p6","reference_id":"GHSA-mqm9-c95h-x2p6","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mqm9-c95h-x2p6"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050851?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1"}],"aliases":["CVE-2024-8373","GHSA-mqm9-c95h-x2p6"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cfxn-m6af-2kb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16998?format=json","vulnerability_id":"VCID-cpwp-gasq-kffz","summary":"angular vulnerable to regular expression denial of service via the <input type=\"url\"> element\nAll versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type=\"url\"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26118.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26118.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26118","reference_id":"","reference_type":"","scores":[{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67033","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67031","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67045","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67025","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.66964","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67013","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.66989","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69803","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69823","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69848","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69844","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69835","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69784","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26118"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26118","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26118"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046"},{"reference_url":"https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694","reference_id":"1036694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183110","reference_id":"2183110","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183110"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26118","reference_id":"CVE-2023-26118","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26118"},{"reference_url":"https://github.com/advisories/GHSA-qwqh-hm9m-p5hr","reference_id":"GHSA-qwqh-hm9m-p5hr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qwqh-hm9m-p5hr"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/","reference_id":"OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/","reference_id":"UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050851?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1"}],"aliases":["CVE-2023-26118","GHSA-qwqh-hm9m-p5hr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpwp-gasq-kffz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25428?format=json","vulnerability_id":"VCID-njvf-2y8u-5kfw","summary":"AngularJS improperly sanitizes SVG elements\nImproper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images.\n\nThis issue affects all versions of AngularJS.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0716.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0716.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0716","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14501","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14623","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14686","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14688","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14655","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14594","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14787","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14828","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14798","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14767","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14876","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14588","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14694","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.1475","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0716"},{"reference_url":"https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:33:33Z/"}],"url":"https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0716","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0716"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0716","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0716"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2025-0716","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:33:33Z/"}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2025-0716"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104485","reference_id":"1104485","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104485"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362958","reference_id":"2362958","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362958"},{"reference_url":"https://github.com/advisories/GHSA-j58c-ww9w-pwp5","reference_id":"GHSA-j58c-ww9w-pwp5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j58c-ww9w-pwp5"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050851?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1"}],"aliases":["CVE-2025-0716","GHSA-j58c-ww9w-pwp5"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njvf-2y8u-5kfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16988?format=json","vulnerability_id":"VCID-qwfu-v1x6-e3ep","summary":"angular vulnerable to regular expression denial of service via the angular.copy() utility\nAll versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26116.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26116","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50838","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50799","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5084","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50855","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50878","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50781","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50824","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54893","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54808","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54862","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54888","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54868","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54914","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26116"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044"},{"reference_url":"https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694","reference_id":"1036694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183109","reference_id":"2183109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183109"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26116","reference_id":"CVE-2023-26116","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26116"},{"reference_url":"https://github.com/advisories/GHSA-2vrf-hf26-jrp5","reference_id":"GHSA-2vrf-hf26-jrp5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2vrf-hf26-jrp5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/","reference_id":"OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/","reference_id":"UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050851?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1"}],"aliases":["CVE-2023-26116","GHSA-2vrf-hf26-jrp5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwfu-v1x6-e3ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30198?format=json","vulnerability_id":"VCID-s1yh-7m2a-y3g3","summary":"AngularJS Incomplete Filtering of Special Elements vulnerability\nImproper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images.\n\nThis issue affects AngularJS versions greater than or equal to 1.3.1.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2336","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41827","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41601","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41739","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4182","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41961","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4189","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45783","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45789","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45732","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45833","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45778","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45808","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45762","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45786","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2336"},{"reference_url":"https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T18:14:00Z/"}],"url":"https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2336","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2336"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2336","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2336"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2025-2336","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T18:14:00Z/"}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2025-2336"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2025-2336?angularjs-nes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2025-2336?angularjs-nes"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107519","reference_id":"1107519","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107519"},{"reference_url":"https://github.com/advisories/GHSA-4p4w-6hg8-63wx","reference_id":"GHSA-4p4w-6hg8-63wx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4p4w-6hg8-63wx"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050851?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1"}],"aliases":["CVE-2025-2336","GHSA-4p4w-6hg8-63wx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1yh-7m2a-y3g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14293?format=json","vulnerability_id":"VCID-tgyd-qy7s-kkew","summary":"angular vulnerable to regular expression denial of service (ReDoS)\nAngularJS lets users write client-side web applications. The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value.\n\n**Note:**\n1. This package has been deprecated and is no longer maintained.\n2. The vulnerable versions are 1.7.0 and higher.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25844.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25844","reference_id":"","reference_type":"","scores":[{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83426","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83402","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83401","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83365","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.8337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83376","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83361","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83351","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83327","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83311","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.8346","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83435","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83433","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83403","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25844"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220629-0009","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220629-0009"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735"},{"reference_url":"https://stackblitz.com/edit/angularjs-material-blank-zvtdvb","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://stackblitz.com/edit/angularjs-material-blank-zvtdvb"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014779","reference_id":"1014779","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014779"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080945","reference_id":"2080945","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080945"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25844","reference_id":"CVE-2022-25844","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25844"},{"reference_url":"https://github.com/advisories/GHSA-m2h2-264f-f486","reference_id":"GHSA-m2h2-264f-f486","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m2h2-264f-f486"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050851?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1"}],"aliases":["CVE-2022-25844","GHSA-m2h2-264f-f486"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgyd-qy7s-kkew"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1"}