Overview
AngularJS is a JavaScript-based open-source front-end web framework for developing single-page applications.
A Regular Expression Denial of Service (ReDoS) vulnerability has been identified within AngularJS.
Per OWASP: ReDoS attacks exploit regular expression implementations that may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a Regular Expression (Regex) to enter these extreme situations and then hang for a very long time.
Details
Module Info
- Package manager: npm
- Affected module: angular
- Affected versions: >=v1.3.0
- Link to published package: https://www.npmjs.com/package/angular
- GitHub repo: https://github.com/angular/angular.js
Vulnerability Info
A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service of the application, also known as a ReDoS attack.
Steps to Reproduce
The vulnerability manifests itself when the `ng-srcset` attribute of an element (usually an `<img>` element) is filled with a value consisting of two or more URLs separated by many spaces (for example, `http://examples.com/image.png 2x, ... http://example.com/image.png`):
```
<img ng-srcset="valueWithManySpaces"/>
```
Proof of Concept
https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos
Remediation
AngularJS is end-of-life, though commercial support is available from HeroDevs. This vulnerability has been addressed in a patch by HeroDevs.
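Where a patched build cannot be deployed immediately, values can be normalized before they reach `ng-srcset`. The following is an added example, not AngularJS or HeroDevs code: it collapses whitespace runs, caps the length, and flags suspicious input for logging. The function names and both limits are assumptions.

```javascript
// Added example, not AngularJS or HeroDevs code. Limits below are assumed values.
const MAX_SRCSET_LENGTH = 2048; // cap on the normalized value (assumption)
const MAX_WS_RUN = 8;           // longer whitespace runs are flagged for logging (assumption)

// Single linear pass: length of the longest run of whitespace characters.
function longestWhitespaceRun(value) {
  let longest = 0;
  let current = 0;
  for (const ch of value) {
    current = /\s/.test(ch) ? current + 1 : 0;
    if (current > longest) longest = current;
  }
  return longest;
}

// Normalize a value before it is bound to ng-srcset.
// Collapsing whitespace keeps the srcset meaning (URLs cannot contain raw
// whitespace) and removes the long runs that drive the backtracking.
function guardSrcset(value) {
  if (typeof value !== 'string') {
    return { value: '', rejected: true, flagged: true, longestRun: 0 };
  }
  const longestRun = longestWhitespaceRun(value);
  // /\s+/g succeeds as soon as it sees one whitespace character, so this
  // replace runs in linear time.
  const normalized = value.trim().replace(/\s+/g, ' ');
  const rejected = normalized.length > MAX_SRCSET_LENGTH;
  return {
    value: rejected ? '' : normalized,
    rejected,
    flagged: rejected || longestRun > MAX_WS_RUN,
    longestRun,
  };
}

// Constructed sample input: two candidates separated by a long run of spaces.
const sample = 'http://example.com/a.png 2x,' + ' '.repeat(5000) + 'http://example.com/b.png';
console.log(guardSrcset(sample));
```

In a controller, assign `guardSrcset(input).value` to the scope property that the `ng-srcset` expression reads, and log the entries where `flagged` is true.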