CVE-2025-4690 (Medium) detected in angular-sanitize-1.8.3.tgz

[mend-bolt-for-github]

CVE-2025-4690 - Medium Severity Vulnerability

Vulnerable Library - angular-sanitize-1.8.3.tgz

AngularJS module for sanitizing HTML

Library home page: https://registry.npmjs.org/angular-sanitize/-/angular-sanitize-1.8.3.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

• ❌ angular-sanitize-1.8.3.tgz (Vulnerable Library)

Found in HEAD commit: 5def65f0b4206a5ad7d8195b61a34437fb09ec9d

Found in base branch: master

Vulnerability Details

A regular expression used by AngularJS'  linky https://docs.angularjs.org/api/ngSanitize/filter/linky  filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a
Regular expression Denial of Service (ReDoS) https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS  attack on the application.
This issue affects all versions of AngularJS.
Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

Publish Date: 2025-08-19

URL: CVE-2025-4690

CVSS 3 Score Details (4.3)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low

For more information on CVSS3 Scores, click here.

---

Step up your Open Source Security Game with Mend here