Home / mailings [USN-7958-1] AngularJS vulnerabilities
Posted on 14 January 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-7958-1
January 14, 2026
angular.js vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in AngularJS.
Software Description:
- angular.js: JavaScript-based web framework
Details:
It was discovered that AngularJS did not properly sanitize certain
`xlink:href` attributes. A remote attacker could possibly use this issue
to perform cross site scripting. This issue only affected Ubuntu 16.04
LTS. (CVE-2019-14863)
It was discovered that AngularJS incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause AngularJS
to consume resources, leading to a regular expression denial of service.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04
LTS and Ubuntu 25.04. (CVE-2022-25844)
It was discovered that AngularJS incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause AngularJS
to consume resources, leading to a regular expression denial of service.
(CVE-2023-26116, CVE-2023-26117)
It was discovered that AngularJS incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause AngularJS
to consume resources, leading to a regular expression denial of service.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2023-26118, CVE-2024-21490)
It was discovered that AngularJS did not properly sanitize certain inputs
in HTML elements. A remote attacker could possibly use this issue to
perform spoofing and obtain sensitive information. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu
24.04 LTS and Ubuntu 25.04. (CVE-2024-8372, CVE-2024-8373, CVE-2025-2336)
It was discovered that AngularJS did not properly sanitize certain inputs
in HTML elements. A remote attacker could possibly use this issue to
perform spoofing and obtain sensitive information. (CVE-2025-0716)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libjs-angularjs 1.8.3-1ubuntu0.25.04.1
Ubuntu 24.04 LTS
libjs-angularjs 1.8.3-1ubuntu0.24.04.1
Ubuntu 22.04 LTS
libjs-angularjs 1.8.2-2ubuntu0.1
Ubuntu 20.04 LTS
libjs-angularjs 1.7.9-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libjs-angularjs 1.5.10-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libjs-angularjs 1.2.28-1ubuntu2+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7958-1
CVE-2019-14863, CVE-2022-25844, CVE-2023-26116, CVE-2023-26117,
CVE-2023-26118, CVE-2024-21490, CVE-2024-8372, CVE-2024-8373,
CVE-2025-0716, CVE-2025-2336
Package Information:
https://launchpad.net/ubuntu/+source/angular.js/1.8.3-1ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/angular.js/1.8.3-1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/angular.js/1.8.2-2ubuntu0.1
--===============3352581589102670315==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
