Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-758x-qqp7-2qah
Vulnerability ID VCID-758x-qqp7-2qah
Aliases CVE-2024-21490
GHSA-4w4v-5hc9-xrr2
Summary
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1333 Inefficient Regular Expression Complexity
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21490.json
epss 0.02246 https://api.first.org/data/v1/epss?cve=CVE-2024-21490
epss 0.02246 https://api.first.org/data/v1/epss?cve=CVE-2024-21490
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-4w4v-5hc9-xrr2
cvssv3.1 7.5 https://github.com/angular/angular.js
generic_textual HIGH https://github.com/angular/angular.js
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-21490
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-21490
cvssv3.1 7.5 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746
cvssv3.1 7.5 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746
generic_textual HIGH https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746
ssvc Track https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746
cvssv3.1 7.5 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747
cvssv3.1 7.5 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747
generic_textual HIGH https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747
ssvc Track https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747
cvssv3.1 7.5 https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
cvssv3.1 7.5 https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
generic_textual HIGH https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
ssvc Track https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
cvssv3.1 7.5 https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos
cvssv3.1 7.5 https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos
generic_textual HIGH https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos
ssvc Track https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos
cvssv3.1 7.5 https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS
generic_textual HIGH https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21490.json
https://api.first.org/data/v1/epss?cve=CVE-2024-21490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21490
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/angular/angular.js
https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS
1088803 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088803
2263754 https://bugzilla.redhat.com/show_bug.cgi?id=2263754
angularjs-vulnerability-ng-srcset-redos https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos
CVE-2024-21490 https://nvd.nist.gov/vuln/detail/CVE-2024-21490
GHSA-4w4v-5hc9-xrr2 https://github.com/advisories/GHSA-4w4v-5hc9-xrr2
SNYK-JAVA-ORGWEBJARSBOWER-6241746 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746
SNYK-JAVA-ORGWEBJARSNPM-6241747 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747
SNYK-JS-ANGULAR-6091113 https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
USN-7958-1 https://usn.ubuntu.com/7958-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21490.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/angular/angular.js
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-21490
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/ Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/ Found at https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P Found at https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/ Found at https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P Found at https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/ Found at https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.84933
EPSS Score 0.02246
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:10:57.709693+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 38.6.0