src/ng/filter/filters.js | 24 17 + 7 - 0 !
1 file changed, 17 insertions(+), 7 deletions(-)

 cve-2022-25844

Avoid a redos by avoiding regex

bug: https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014779

src/Angular.js | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 cve-2023-26116

Fix the redos by using regex.flags available since 2020 for all browser

bug: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044

src/ngResource/resource.js | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 cve-2023-26117

Fix by linear replace a redos

bug-poc: https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos?file=index.js
bug: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
bug-debian: https://bugs.debian.org/1036694

src/ng/directive/input.js | 13 1 + 12 - 0 !
1 file changed, 1 insertion(+), 12 deletions(-)

 cve-2023-26118

Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the
usage of an insecure regular expression in the input[url] functionality.

Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

src/ng/compile.js | 46 8 + 38 - 0 !
1 file changed, 8 insertions(+), 38 deletions(-)

 cve-2024-21490 and cve-2024-8372

Fix ReDoS vulnerability with ng-srcset

Fix also CVE-2024-8372 by sanitizing

src/ng/compile.js | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 cve-2024-8373

src/ng/compile.js | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 fix improper sanitisation of href and xlink:href on svg image
 elements

Fix CVE-2025-0716

src/ngSanitize/sanitize.js | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 cve-2025-2336
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

An improper sanitization vulnerability has been identified in AngularJS' ngSanitize module,
which allows attackers to bypass common image source restrictions normally
applied to image elements. This bypass can further lead to a form of
Content Spoofing. Similarly, the application's performance and behavior
could be negatively affected by using too large or slow-to-load images.

The $sanitize service, which is provided by the angular-sanitize package,
is used for sanitizing HTML strings by stripping all potentially dangerous tokens.
As part of the sanitization, it checks the URLs of images to ensure they
abide by the defined image source rules. This allows improving the security
of an application by setting restrictions on the sources of images
that can be shown. For example, only allowing images from a specific domain.

However, due to a bug in the $sanitize service, SVG <image> elements
are not correctly detected as images, even when SVG support is enabled.
As a result, the image source restrictions are not applied to the images
that can be shown. This allows bypassing the image source restrictions configured
in the application, which can also lead to a form of Content Spoofing.
Similarly, the application's performance and behavior can be negatively affected
by using too large or slow-to-load images.

bug: https://www.herodevs.com/vulnerability-directory/cve-2025-2336
bug-PoC: https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c