Feb 13, 2024

Addressing the Latest AngularJS CVE-2024-21490

Immediate Action Required for All AngularJS Applications
Addressing the Latest AngularJS CVE-2024-21490

All projects that continue to depend on AngularJS need to take immediate action. As part of our never-ending dedication to keeping AngularJS supported for our clients, we have helped find and fix a high-severity security issue (also known as a CVE). Any version of AngularJS from v1.3.0 to the latest will need to address this issue. 

What is the CVE?

The CVE in question involves a Regex Denial of Service attack in the ng-srcset directive. This vulnerability could potentially allow a complete shutdown of your AngularJS application if left unaddressed. An exploit of this would completely freeze the application for any and all affected users.

How HeroDevs Responded:

HeroDevs, through its AngularJS Never-Ending Support (NES) product, addressed this CVE in August 2023, ensuring that our clients' applications remain secure and resilient against emerging threats. AngularJS NES is designed to offer comprehensive support and security updates for legacy AngularJS, extending beyond the official end-of-life dates.

Taking Action:

We urge all AngularJS users to take immediate action to mitigate this vulnerability. 

For HeroDevs clients, each of you received this fix for this issue last year when we released v1.5.19 (if you are on the 1.5 branch) or v1.9.3 (if on 1.9 branch) and greater. If you haven’t installed that latest version yet, please review our emails to your team and/or reach out to our support team for help.

For all other AngularJS users, please consider a speedy migration away from AngularJS. Alternatively, please reach out to explore how easy it is to receive secure AngularJS updates from our heroes.


In conclusion, the recent CVE highlights the importance of sustained support for legacy systems like AngularJS. Among the half dozen CVEs reported against AngularJS since the end of support on December 31, 2021, this is the first high-severity issue, making this the most significant update we’ve released. HeroDevs is committed to providing that support through our NES offering, ensuring your applications and customers remain secure, compliant, and efficient.:

For more information about AngularJS Never-Ending Support, visit HeroDevs.

. . .
About HeroDevs

HeroDevs partners with open-source authors to offer comprehensive solutions for sunsetted open-source software. Our Never-Ending Support products ensure businesses remain secure and compliant, even as their depended-upon open-source packages reach end-of-life. Alongside this, our elite team of software engineers and architects provides expert consulting and engineering services, assisting clients in migrating from deprecated packages and modernizing their technology stacks.

Article Summary
HeroDevs addressed a high-severity CVE in AngularJS with a Regex DoS fix in v1.9.3. Secure your legacy AngularJS with our Never-Ending Support product.
Thought Leadership
Related Articles
HeroDevs Partners with OpenJS Foundation
Driving Security and Compliance for Deprecated Open Source Software
Introducing Angular v6-15 Never-Ending Support by HeroDevs
Navigating the Upgrade Maze: A Strategic Approach to Legacy Angular Maintenance
Introducing AngularJS NES + Essentials: Expanding Security for AngularJS Applications
Extending Security to AngularJS Essential Third-Party Libraries

Open Source Insights Delivered Monthly

* indicates required