Common Weakness Enumeration

CWE-1333

Allowed

Inefficient Regular Expression Complexity

Abstraction: Base · Status: Draft

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

726 vulnerabilities reference this CWE, most recent first.

GHSA-4F3H-89PJ-W84F

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32
VLAI
Details

A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service (ReDoS) by manipulating regular expressions. This can significantly slow down the application's response time and potentially render it completely unusable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7779"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-20T10:15:37Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service (ReDoS) by manipulating regular expressions. This can significantly slow down the application\u0027s response time and potentially render it completely unusable.",
  "id": "GHSA-4f3h-89pj-w84f",
  "modified": "2025-03-20T12:32:46Z",
  "published": "2025-03-20T12:32:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7779"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/829f7d9f-8755-4362-bd40-801e4690dcdc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4F6G-68PF-7VHV

Vulnerability from github – Published: 2026-01-09 19:48 – Updated: 2026-01-11 14:53
VLAI
Summary
pypdf has possible long runtimes for malformed startxref
Details

Impact

An attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected.

Patches

This has been fixed in pypdf==6.6.0.

Workarounds

from pypdf import PdfReader, PdfWriter


# Instead of
reader = PdfReader("file.pdf")
# use the strict mode:
reader = PdfReader("file.pdf", strict=True)

# Instead of
writer = PdfWriter(clone_from="file.pdf")
# use an explicit strict reader:
writer = PdfWriter(clone_from=PdfReader("file.pdf", strict=True))

Resources

This issue has been fixed in #3594.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pypdf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-22691"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-09T19:48:57Z",
    "nvd_published_at": "2026-01-10T05:16:08Z",
    "severity": "LOW"
  },
  "details": "### Impact\nAn attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for invalid `startxref` entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected.\n\n### Patches\nThis has been fixed in [pypdf==6.6.0](https://github.com/py-pdf/pypdf/releases/tag/6.6.0).\n\n### Workarounds\n\n```python\nfrom pypdf import PdfReader, PdfWriter\n\n\n# Instead of\nreader = PdfReader(\"file.pdf\")\n# use the strict mode:\nreader = PdfReader(\"file.pdf\", strict=True)\n\n# Instead of\nwriter = PdfWriter(clone_from=\"file.pdf\")\n# use an explicit strict reader:\nwriter = PdfWriter(clone_from=PdfReader(\"file.pdf\", strict=True))\n```\n\n### Resources\nThis issue has been fixed in #3594.",
  "id": "GHSA-4f6g-68pf-7vhv",
  "modified": "2026-01-11T14:53:40Z",
  "published": "2026-01-09T19:48:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-4f6g-68pf-7vhv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22691"
    },
    {
      "type": "WEB",
      "url": "https://github.com/py-pdf/pypdf/pull/3594"
    },
    {
      "type": "WEB",
      "url": "https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/py-pdf/pypdf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/py-pdf/pypdf/releases/tag/6.6.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "pypdf has possible long runtimes for malformed startxref"
}

GHSA-4FR5-6CCQ-75W2

Vulnerability from github – Published: 2024-02-08 00:32 – Updated: 2024-02-08 00:32
VLAI
Details

An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.6.7, all versions starting from 16.7 before 16.7.5, all versions starting from 16.8 before 16.8.2. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6736"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-07T22:15:09Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.6.7, all versions starting from 16.7 before 16.7.5, all versions starting from 16.8 before 16.8.2. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file.",
  "id": "GHSA-4fr5-6ccq-75w2",
  "modified": "2024-02-08T00:32:19Z",
  "published": "2024-02-08T00:32:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6736"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/2269023"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/435036"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4GMJ-3P3H-GM8H

Vulnerability from github – Published: 2024-02-26 20:01 – Updated: 2024-02-26 20:01
VLAI
Summary
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
Details

Impact

Passing functions with very long names or complex default argument names into function#copy orfunction#toStringTokens may put script to stall

Patches

Fixed with https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 and https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602 Published with v0.10.63

Workarounds

No real workaround aside of refraining from using above utilities.

References

https://github.com/medikoo/es5-ext/issues/201

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "es5-ext"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.10.0"
            },
            {
              "fixed": "0.10.63"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-27088"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-26T20:01:28Z",
    "nvd_published_at": "2024-02-26T17:15:11Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nPassing functions with very long names or complex default argument names into `function#copy` or`function#toStringTokens` may put script to stall\n\n### Patches\nFixed with https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 and https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602\nPublished with v0.10.63\n\n### Workarounds\nNo real workaround aside of refraining from using above utilities.\n\n### References\nhttps://github.com/medikoo/es5-ext/issues/201\n",
  "id": "GHSA-4gmj-3p3h-gm8h",
  "modified": "2024-02-26T20:01:28Z",
  "published": "2024-02-26T20:01:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27088"
    },
    {
      "type": "WEB",
      "url": "https://github.com/medikoo/es5-ext/issues/201"
    },
    {
      "type": "WEB",
      "url": "https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/medikoo/es5-ext"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`"
}

GHSA-4MW5-77QF-JMW4

Vulnerability from github – Published: 2023-01-12 06:30 – Updated: 2023-01-18 21:30
VLAI
Details

An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3514"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-12T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser.",
  "id": "GHSA-4mw5-77qf-jmw4",
  "modified": "2023-01-18T21:30:21Z",
  "published": "2023-01-12T06:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3514"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1727201"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3514.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/377978"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4PM8-RXV6-FRFV

Vulnerability from github – Published: 2024-10-28 15:31 – Updated: 2024-10-28 15:31
VLAI
Details

In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50574"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-28T13:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality",
  "id": "GHSA-4pm8-rxv6-frfv",
  "modified": "2024-10-28T15:31:15Z",
  "published": "2024-10-28T15:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50574"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4Q6P-R6V2-JVC5

Vulnerability from github – Published: 2023-09-27 20:16 – Updated: 2023-10-02 21:05
VLAI
Summary
Chaijs/get-func-name vulnerable to ReDoS
Details

The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows:

const functionNameMatch = /\s*function(?:\s|\s*\/\*[^(?:*/)]+\*\/\s*)*([^\s(/]+)/;

This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input:

'\t'.repeat(54773) + '\t/function/i'

Here is a simple PoC code to demonstrate the issue:

const protocolre = /\sfunction(?:\s|\s/*[^(?:*\/)]+*/\s*)*([^\(\/]+)/;

const startTime = Date.now();
const maliciousInput = '\t'.repeat(54773) + '\t/function/i'

protocolre.test(maliciousInput);

const endTime = Date.now();

console.log("process time: ", endTime - startTime, "ms");
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "get-func-name"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-43646"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-27T20:16:00Z",
    "nvd_published_at": "2023-09-27T15:19:34Z",
    "severity": "HIGH"
  },
  "details": "The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows:\n\n```js\nconst functionNameMatch = /\\s*function(?:\\s|\\s*\\/\\*[^(?:*/)]+\\*\\/\\s*)*([^\\s(/]+)/;\n```\n\nThis vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input:\n\n```js\n\u0027\\t\u0027.repeat(54773) + \u0027\\t/function/i\u0027\n```\n\nHere is a simple PoC code to demonstrate the issue:\n\n```js\nconst protocolre = /\\sfunction(?:\\s|\\s/*[^(?:*\\/)]+*/\\s*)*([^\\(\\/]+)/;\n\nconst startTime = Date.now();\nconst maliciousInput = \u0027\\t\u0027.repeat(54773) + \u0027\\t/function/i\u0027\n\nprotocolre.test(maliciousInput);\n\nconst endTime = Date.now();\n\nconsole.log(\"process time: \", endTime - startTime, \"ms\");\n```",
  "id": "GHSA-4q6p-r6v2-jvc5",
  "modified": "2023-10-02T21:05:48Z",
  "published": "2023-09-27T20:16:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43646"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chaijs/get-func-name/commit/f934b228b5e2cb94d6c8576d3aac05493f667c69"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/chaijs/get-func-name"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chaijs/get-func-name/blob/78ad756441a83f3dc203e50f76c113ae3ac017dc/index.js#L15"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Chaijs/get-func-name vulnerable to ReDoS"
}

GHSA-4R6J-FWCX-94CF

Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2022-11-10 20:09
VLAI
Summary
snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS)
Details

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "snowflake-connector-python"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-42965"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-10T18:57:53Z",
    "nvd_published_at": "2022-11-09T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method.",
  "id": "GHSA-4r6j-fwcx-94cf",
  "modified": "2022-11-10T20:09:27Z",
  "published": "2022-11-10T12:01:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42965"
    },
    {
      "type": "WEB",
      "url": "https://github.com/snowflakedb/snowflake-connector-python/pull/1327"
    },
    {
      "type": "WEB",
      "url": "https://github.com/snowflakedb/snowflake-connector-python/commit/b9d2fc789fae4db865dde3d2a1bd72c8a9eab091"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/snowflakedb/snowflake-connector-python"
    },
    {
      "type": "WEB",
      "url": "https://github.com/snowflakedb/snowflake-connector-python/releases/tag/v2.8.2"
    },
    {
      "type": "WEB",
      "url": "https://research.jfrog.com/vulnerabilities/snowflake-connector-python-redos-xray-257185"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS)"
}

GHSA-4RGR-V5FF-6HGP

Vulnerability from github – Published: 2023-07-25 15:30 – Updated: 2024-04-04 06:21
VLAI
Details

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39174"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-25T15:15:13Z",
    "severity": "HIGH"
  },
  "details": "In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers",
  "id": "GHSA-4rgr-v5ff-6hgp",
  "modified": "2024-04-04T06:21:06Z",
  "published": "2023-07-25T15:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39174"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4W4V-5HC9-XRR2

Vulnerability from github – Published: 2024-02-10 06:30 – Updated: 2025-11-03 22:32
VLAI
Summary
angular vulnerable to super-linear runtime due to backtracking
Details

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service.

Note:

This package is EOL and will not receive any updates to address this issue. Users should migrate to @angular/core.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "angular"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.0"
            },
            {
              "last_affected": "1.8.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.webjars.npm:angular"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.0"
            },
            {
              "last_affected": "1.8.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.webjars.bower:angular"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.0"
            },
            {
              "last_affected": "1.8.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21490"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-13T15:08:21Z",
    "nvd_published_at": "2024-02-10T05:15:08Z",
    "severity": "HIGH"
  },
  "details": "This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. \n\n\n**Note:**\n\nThis package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).",
  "id": "GHSA-4w4v-5hc9-xrr2",
  "modified": "2025-11-03T22:32:26Z",
  "published": "2024-02-10T06:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21490"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/angular/angular.js"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113"
    },
    {
      "type": "WEB",
      "url": "https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos"
    },
    {
      "type": "WEB",
      "url": "https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "angular vulnerable to super-linear runtime due to backtracking"
}

Mitigation
Architecture and Design

Use regular expressions that do not support backtracking, e.g. by removing nested quantifiers.

Mitigation
System Configuration

Set backtracking limits in the configuration of the regular expression implementation, such as PHP's pcre.backtrack_limit. Also consider limits on execution time for the process.

Mitigation
Implementation

Do not use regular expressions with untrusted input. If regular expressions must be used, avoid using backtracking in the expression.

Mitigation
Implementation

Limit the length of the input that the regular expression will process.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.