CVE-2021-32821

Published: Jan 3, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.

Affected (1)

Products: Mootools: Mootools

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mootools Mootools	Up to 1.6.0

Related CWEs

Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/

Source: security-advisories@github.com

ExploitThird Party Advisory

https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.