Lucene search

[email protected]NVD:CVE-2021-32821

HistoryJan 03, 2023 - 5:15 p.m.

CVE-2021-32821

2023-01-0317:15:10

CWE-400

CWE-1333

[email protected]

web.nvd.nist.gov

mootools

javascript

redos

css selector

jquery

vulnerability

patch

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

37.2%

JSON

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.

Affected configurations

Nvd

Node

mootoolsmootoolsRange≤1.6.0

VendorProductVersionCPE
mootoolsmootools*cpe:2.3:a:mootools:mootools:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mootools	mootools	*	cpe:2.3:a:mootools:mootools::::::::

References

securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

37.2%

JSON

Related for NVD:CVE-2021-32821

osv2 ubuntucve1 cvelist1 veracode1 prion1 debiancve1 github1 cve1