CVE-2025-4690 - Medium Severity Vulnerability
Vulnerable Library - angular-sanitize-1.8.3.tgz
AngularJS module for sanitizing HTML
Library home page: https://registry.npmjs.org/angular-sanitize/-/angular-sanitize-1.8.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /home/wss-scanner/.yarn/berry/cache/angular-sanitize-npm-1.8.3-cdd4180b10-10.zip
Dependency Hierarchy:
- angular-patternfly-3.26.0.tgz (Root Library)
- ❌ angular-sanitize-1.8.3.tgz (Vulnerable Library)
Found in HEAD commit: d87706978173ac6516da5e83374518c21263b77b
Found in base branch: master
Vulnerability Details
A regular expression used by AngularJS' linky https://docs.angularjs.org/api/ngSanitize/filter/linky filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a
Regular expression Denial of Service (ReDoS) https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS attack on the application.
This issue affects all versions of AngularJS.
Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Publish Date: 2025-08-19
URL: CVE-2025-4690
CVSS 3 Score Details (4.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Step up your Open Source Security Game with Mend here
CVE-2025-4690 - Medium Severity Vulnerability
AngularJS module for sanitizing HTML
Library home page: https://registry.npmjs.org/angular-sanitize/-/angular-sanitize-1.8.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /home/wss-scanner/.yarn/berry/cache/angular-sanitize-npm-1.8.3-cdd4180b10-10.zip
Dependency Hierarchy:
Found in HEAD commit: d87706978173ac6516da5e83374518c21263b77b
Found in base branch: master
A regular expression used by AngularJS' linky https://docs.angularjs.org/api/ngSanitize/filter/linky filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a
Regular expression Denial of Service (ReDoS) https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS attack on the application.
This issue affects all versions of AngularJS.
Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Publish Date: 2025-08-19
URL: CVE-2025-4690
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Step up your Open Source Security Game with Mend here