@angular/common: Angular @angular/common: Denial of Service via crafted date format string
Summary
@angular/common: Angular @angular/common: Denial of Service via crafted date format string. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-1284.
- < 22.0.1
- < 21.2.17
- < 20.3.25
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 22.0.1
- 21.2.17
- 20.3.25
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Validate and sanitize user-supplied date format strings before passing them to Angular's DatePipe. Implement request rate limiting and timeouts on web application endpoints to limit the impact of malicious requests.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.