Security
Feb 13, 2024

Addressing the Latest AngularJS CVE-2024-21490

Immediate Action Required for All AngularJS Applications

All projects that continue to depend on AngularJS need to take immediate action. As part of our never-ending dedication to keeping AngularJS supported for our clients, we have helped find and fix a high-severity security issue (also known as a CVE). Any version of AngularJS from v1.3.0 to the latest will need to address this issue. 

What is the CVE?

The CVE in question is a Regular Expression Denial of Service (ReDoS) vulnerability in the ng-srcset directive. If left unaddressed, it could allow a complete shutdown of your AngularJS application: a successful exploit would completely freeze the application for every affected user.

How HeroDevs Responded:

HeroDevs, through its AngularJS Never-Ending Support (NES) product, addressed this CVE in August 2023, ensuring that our clients' applications remain secure and resilient against emerging threats. AngularJS NES is designed to offer comprehensive support and security updates for legacy AngularJS, extending beyond the official end-of-life dates.

Taking Action:

We urge all AngularJS users to take immediate action to mitigate this vulnerability. 

HeroDevs clients received the fix for this issue last year, when we released v1.5.19 (if you are on the 1.5 branch) or v1.9.3 (if you are on the 1.9 branch) and greater. If you haven’t installed the latest version yet, please review our emails to your team and/or reach out to our support team for help.

For all other AngularJS users, please consider a speedy migration away from AngularJS. Alternatively, please reach out to explore how easy it is to receive secure AngularJS updates from our heroes.
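To see which installed copies fall in the affected range, the following added example (not HeroDevs or AngularJS code) audits a parsed `package-lock.json`. The names `isAffected`, `findAngular` and `FIXED_PATCH` are hypothetical, and it assumes fixed builds appear in the lockfile under the package name `angular` with the version numbers given above.

```javascript
// Audit a parsed package-lock.json for AngularJS builds affected by CVE-2024-21490.
// Affected range (v1.3.0 and later) and fixed versions are taken from the article;
// that fixed builds are recorded as "angular" with these versions is an assumption.
const FIXED_PATCH = { '1.5': 19, '1.9': 3 }; // branch -> first fixed patch release

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true; // git/file specifiers etc.: flag for manual review
  const [major, minor, patch] = p;
  if (major !== 1 || minor < 3) return false; // outside the range the article names
  const fixed = FIXED_PATCH[`${major}.${minor}`];
  return fixed === undefined || patch < fixed;
}

function findAngular(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/angular$/.test(path)) hits.push({ path, version: meta.version });
  }
  // lockfileVersion 1: nested "dependencies" tree
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === 'angular') hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits.map(h => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'legacy-app', version: '0.0.0' },
    'node_modules/angular': { version: '1.8.3' },
    'node_modules/angular-route': { version: '1.8.3' },
    'node_modules/widget/node_modules/angular': { version: '1.5.19' },
  },
};

for (const r of findAngular(sampleLock)) console.log(r.path, r.version, r.affected ? 'AFFECTED' : 'ok');
```

Nested copies matter here: a transitive dependency can pin its own `angular` even when the top-level one has been updated.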

Conclusion:

In conclusion, the recent CVE highlights the importance of sustained support for legacy systems like AngularJS. Among the half dozen CVEs reported against AngularJS since the end of support on December 31, 2021, this is the first high-severity issue, making this the most significant update we’ve released. HeroDevs is committed to providing that support through our NES offering, ensuring your applications and customers remain secure, compliant, and efficient.

For more information about AngularJS Never-Ending Support, visit HeroDevs.

Article Summary
HeroDevs addressed a high-severity CVE in AngularJS with a Regex DoS fix in v1.9.3. Secure your legacy AngularJS with our Never-Ending Support product.
Author
HeroDevs