점검 대응높음KEV 미등록
CVE-2024-21490
n/a angular, org.webjars.bower:angular, org.webjars.npm:angular 취약점
- 대응 우선순위
- 점검
- CVSS
- 7.5
- EPSS
- 1.89% 백분위 77.0% · 2026.06.30 기준
- CISA KEV
- 미등록
- 조치 기한
- -
- 공개일
- 2024.02.10
CVSS 위험도가 높아 영향 여부를 우선 점검할 취약점
This affects versions of the package angular from 1.3.0; versions of the package angularjs from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).
공급사 n/a
제품 angular, org.webjars.bower:angular, org.webjars.npm:angular
영향 버전 1.3.0, >= 1.3.0
수정 버전 공식 출처에서 확인 필요
CVSS 벡터 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE CWE-1333
EPSS 데이터 기준일 2026.06.30