CVE-2023-26116
| CVE ID | CVE-2023-26116 |
|---|---|
| CVSS Score | 5.3 |
| Operating System | |
| Affected Versions | |
| Patched Versions | 1.5.13 |
| Patch Date | |
| Last Updated Date | |
| Vector String | |

Additional Information
NVD Listing :-
Bug Fixes
- ng-srcset: Addresses a Content Spoofing vulnerability and failure to sanitize image URLs set by $compileProvider.imgSrcSanitizationWhitelist().
  This patch addresses the CVE-2024-8372 vulnerability, where users could bypass image source restrictions using ng-attr-srcset Angular attributes.
  This patch addresses the CVE-2024-8373 vulnerability, where users could bypass image source restrictions in picture>source elements using the [srcset] attribute.
- ng-srcset: Addresses a ReDoS vulnerability in the ng-srcset directive.
  This update enhances the performance of the ng-srcset directive and mitigates a high-severity risk associated with ReDoS (CVE-2024-21490).
- angular.copy(): Fixes a ReDoS issue in angular.copy().
  This fix corrects the logic for copying RegExp objects in angular.copy() and resolves a high-severity threat related to ReDoS (CVE-2023-26116).
- $resource: Fixes a ReDoS issue with URLs that have trailing slashes.
  Addresses the high-severity ReDoS vulnerability (CVE-2023-26117). This fix resolves the trailing slashes issue in $resource.
- input[url]: Fixes a ReDoS issue in the URL input.
  This fix addresses a high-severity threat related to ReDoS and improves performance in URL_REGEXP (CVE-2023-26118).
- $sniffer: Updated the sniffer logic to detect the Firefox browser based on modern Firefox user agent strings, which include a substring like "Gecko" and sometimes "webkit" for compatibility. Previously it returned true even for webkit-based browsers.
- SVG image elements: Addresses a Content Spoofing vulnerability related to SVG image elements.
  This patch addresses the CVE-2025-0716 vulnerability, where attackers could bypass common image source restrictions through improper sanitization of the 'href' and 'xlink:href' attributes in '<image>' SVG elements.