56 matches found
CVE-2021-32821 Regular expression Denial of Service in MooTools
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service ReDoS. An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...
CVE-2021-32821
CVE-2021-32821 affects MooTools (JavaScript utilities). The issue is a vulnerability in MooTools’ CSS selector parser, where a crafted CSS selector can trigger a Regular Expression Denial of Service (ReDoS) at runtime. Exploitation requires injecting a string into a selector (e.g., via runtime qu...
CVE-2021-32821
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service ReDoS. An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...
json_index (=0.0.0), koios (>=0.0.1 <=1.0.1) +5 more potentially affected by CVE-2021-20088 via mootools-more (>=1.5.1 <=1.5.2)
mootools-more NPM version =1.5.1, =0.0.1, =0.1.0, =0.0.0, =0.1.0, =0.1.0, =0.8.3 - youtube-playlist-download =1.0.0 Source cves: CVE-2021-20088 Source advisory: OSV:GHSA-FW45-938V-P26J...
GHSA-FW45-938V-P26J mootools-more vulnerable to prototype pollution
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype...
mootools-more vulnerable to prototype pollution
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype...
GHSA-X6HX-7GH3-3Q98 Prototype Pollution in mootools
This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge...
@fley_real/notification-manager (=1.0.0), @nbish11/test (>=1.0.2 <=1.2.0) +53 more potentially affected by CVE-2021-23432 via mootools (>=1.3.2 <=1.5.2)
mootools NPM version =1.3.2, =1.0.2, =0.1.2, =0.1.0, =0.8.3, =1.0.0, =0.9.3, =1.3.0, =0.0.2, =0.4.0, =0.2.0, =0.2.0, =1.0.5, =2.0.2 and more Source cves: CVE-2021-23432 Source advisory: OSV:GHSA-X6HX-7GH3-3Q98...
Prototype Pollution in mootools
This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge...
Prototype Pollution
mootools is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
CVE-2021-23432
This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge...
UBUNTU-CVE-2021-23432
This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge...
CVE-2021-23432 Prototype Pollution
This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge...
CVE-2021-23432
CVE-2021-23432 affects all versions of the mootools library. The root cause is the ability to pass untrusted input to Object.merge() , leading to prototype pollution . Several connected sources confirm the issue and the affected component, with CVSS values indicating high to critical impact (netw...
CVE-2021-23432
This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge...
mootools 安全漏洞
mootools is a library for web development with OOP support. A security vulnerability exists in mootools that allows an attacker to pass untrusted input to the application's Object.merge...
@fley_real/notification-manager (=1.0.0), @nbish11/test (>=1.0.2 <=1.2.0) +53 more potentially affected by CVE-2021-23432 via mootools (>=1.3.2 <=1.5.2)
mootools NPM version =1.3.2, =1.0.2, =0.1.2, =0.1.0, =0.8.3, =1.0.0, =0.9.3, =1.3.0, =0.0.2, =0.4.0, =0.2.0, =0.2.0, =1.0.5, =2.0.2 and more Source cves: CVE-2021-23432 Source advisory: SNYK:JS-MOOTOOLS-1325536...
Prototype Pollution
Overview mootools is an a library for web development, with support for OOP. Affected versions of this package are vulnerable to Prototype Pollution. This is due to the ability to pass untrusted input to Object.merge PoC: require"mootools" Object.merge, JSON.parse""proto": "vulnerable": true"...
Unspecified Vulnerability in MooTools More
MooTools More is an application software. library of MooTools plug-ins and enhancements. A security vulnerability exists in MooTools More 1.6.0, which can be exploited by an attacker to inject properties into Object.Prototype...
Prototype Pollution
mootools-more is vulnerable to prototype pollution. An attacker is able to inject malicious properties into existing construct prototypes Object.prototype and modify attributes such as proto, constructor and prototype...