Package: angular.js / 1.8.3-3

CVE-2022-25844.patch Patch series | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
 
From: =?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org>
Date: Mon, 12 May 2025 00:34:07 +0200
Subject: CVE-2022-25844

Avoid a redos by avoiding regex

bug: https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014779
origin: part, https://github.com/PebblePad/angular.js/commit/ecfd8d3389d1ef813735febf6bf48ff5d970bc51
author: Alister Stevens <alister@pebblepad.co.uk>
---
 src/ng/filter/filters.js | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/src/ng/filter/filters.js b/src/ng/filter/filters.js
index 482b318..d5106e4 100644
--- a/src/ng/filter/filters.js
+++ b/src/ng/filter/filters.js
@@ -68,14 +68,24 @@ function currencyFilter($locale) {
       fractionSize = formats.PATTERNS[1].maxFrac;
     }
 
-    // If the currency symbol is empty, trim whitespace around the symbol
-    var currencySymbolRe = !currencySymbol ? /\s*\u00A4\s*/g : /\u00A4/g;
-
     // if null or undefined pass it through
-    return (amount == null)
-        ? amount
-        : formatNumber(amount, formats.PATTERNS[1], formats.GROUP_SEP, formats.DECIMAL_SEP, fractionSize).
-            replace(currencySymbolRe, currencySymbol);
+    if (amount === null || amount === undefined) {
+      return amount;
+    }
+
+    const formattedNumber = formatNumber(amount, formats.PATTERNS[1], formats.GROUP_SEP, formats.DECIMAL_SEP, fractionSize);
+    // Validate if currency symbol whitespace trimming is required by checking for the currency symbol first. Fixes potential ReDoS vulnerability - https://www.cve.org/CVERecord?id=CVE-2022-25844
+    if(!formattedNumber.includes("\u00A4")) return formattedNumber;
+    if(currencySymbol) return formattedNumber.replace(/\u00A4/g,currencySymbol);
+    /* here we know we have u00A4 so at least 2 splitted part and currency symbol is empty*/
+    let splitted = formattedNumber.split("\u00A4");
+    const splittedend = splitted.length - 1;
+    splitted[0] = splitted[0].trimEnd();
+    splitted[splittedend] = splitted[splittedend].trimStart();
+    if(splittedend > 1) {
+       for(let i=1;i < splittedend; i++) splitted[i] = splitted[i].trim();
+    }
+    return splitted.join('');
   };
 }