Not a user yet?
Log in Register for free Suggest a product
Update

USN-7958-1: AngularJS vulnerabilities

Ubuntu DesktopUbuntu Desktop
Canonical

USN-7958-1: AngularJS vulnerabilities

Publication date: 14 January 2026
Overview:Several security issues were fixed in AngularJS.

Packages
angular.js - JavaScript-based web framework

Details
It was discovered that AngularJS did not properly sanitize certain
xlink:href attributes. A remote attacker could possibly use this issue
to perform cross site scripting. This issue only affected Ubuntu 16.04
LTS. (CVE-2019-14863)

It was discovered that AngularJS incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause AngularJS
to consume resources, leading to a regular expression denial of service.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04
LTS and Ubuntu 25.04. (CVE-2022-25844)

It was discovered that AngularJS incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause AngularJS
to consume resources, leading to a regular expression denial of service.
(CVE-2023-26116, CVE-2023-26117)

It was discovered that AngularJS incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause AngularJS
to consume resources, leading to a regular expression denial of service.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2023-26118, CVE-2024-21490)

It was discovered that AngularJS did not properly sanitize certain inputs
in HTML elements. A remote attacker could possibly use this issue to
perform spoofing and obtain sensitive information. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu
24.04 LTS and Ubuntu 25.04. (CVE-2024-8372, CVE-2024-8373, CVE-2025-2336)

It was discovered that AngularJS did not properly sanitize certain inputs
in HTML elements. A remote attacker could possibly use this issue to
perform spoofing and obtain sensitive information. (CVE-2025-0716)

Update instructions
In general, a standard system update will make all the necessary changes.
The problem can be corrected by updating your system to the following package versions:

  • 25.04 plucky libjs-angularjs – 1.8.3-1ubuntu0.25.04.1
  • 24.04 LTS noble libjs-angularjs – 1.8.3-1ubuntu0.24.04.1
  • 22.04 LTS jammy libjs-angularjs – 1.8.2-2ubuntu0.1
  • 20.04 LTS focal libjs-angularjs – 1.7.9-1ubuntu0.1~esm1
  • 18.04 LTS bionic libjs-angularjs – 1.5.10-1ubuntu0.1~esm1
  • 16.04 LTS xenial libjs-angularjs – 1.2.28-1ubuntu2+esm1
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad