Lucene search
K

56 matches found

Vulnrichment
Vulnrichment
added 2023/01/03 12:0 a.m.5 views

CVE-2021-32821 Regular expression Denial of Service in MooTools

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service ReDoS. An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

6.2CVSS6.8AI score0.00644EPSS
Exploits1References1
CVE
CVE
added 2023/01/03 12:0 a.m.77 views

CVE-2021-32821

CVE-2021-32821 affects MooTools (JavaScript utilities). The issue is a vulnerability in MooTools’ CSS selector parser, where a crafted CSS selector can trigger a Regular Expression Denial of Service (ReDoS) at runtime. Exploitation requires injecting a string into a selector (e.g., via runtime qu...

7.5CVSS6.6AI score0.00644EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2023/01/03 12:0 a.m.56 views

CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service ReDoS. An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

7.5CVSS7.3AI score0.00644EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/05/24 10:1 p.m.5 views

json_index (=0.0.0), koios (>=0.0.1 <=1.0.1) +5 more potentially affected by CVE-2021-20088 via mootools-more (>=1.5.1 <=1.5.2)

mootools-more NPM version =1.5.1, =0.0.1, =0.1.0, =0.0.0, =0.1.0, =0.1.0, =0.8.3 - youtube-playlist-download =1.0.0 Source cves: CVE-2021-20088 Source advisory: OSV:GHSA-FW45-938V-P26J...

8.8CVSS7.2AI score0.01449EPSS
Exploits1
OSV
OSV
added 2022/05/24 10:1 p.m.12 views

GHSA-FW45-938V-P26J mootools-more vulnerable to prototype pollution

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype...

8.8CVSS8.5AI score0.01449EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/05/24 10:1 p.m.19 views

mootools-more vulnerable to prototype pollution

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype...

8.8CVSS8.6AI score0.01449EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/09/02 5:9 p.m.4 views

GHSA-X6HX-7GH3-3Q98 Prototype Pollution in mootools

This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge...

5.4CVSS5.9AI score0.00889EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2021/09/02 5:9 p.m.3 views

@fley_real/notification-manager (=1.0.0), @nbish11/test (>=1.0.2 <=1.2.0) +53 more potentially affected by CVE-2021-23432 via mootools (>=1.3.2 <=1.5.2)

mootools NPM version =1.3.2, =1.0.2, =0.1.2, =0.1.0, =0.8.3, =1.0.0, =0.9.3, =1.3.0, =0.0.2, =0.4.0, =0.2.0, =0.2.0, =1.0.5, =2.0.2 and more Source cves: CVE-2021-23432 Source advisory: OSV:GHSA-X6HX-7GH3-3Q98...

9.8CVSS7.2AI score0.00889EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/09/02 5:9 p.m.110 views

Prototype Pollution in mootools

This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge...

9.8CVSS4.5AI score0.00889EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2021/08/25 3:12 a.m.18 views

Prototype Pollution

mootools is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

9.8CVSS3.3AI score0.00889EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2021/08/24 9:15 a.m.35 views

CVE-2021-23432

This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge...

9.8CVSS0.00889EPSS
Exploits1References1
OSV
OSV
added 2021/08/24 9:15 a.m.15 views

UBUNTU-CVE-2021-23432

This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge...

9.8CVSS5.8AI score0.00889EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/08/24 8:50 a.m.32 views

CVE-2021-23432 Prototype Pollution

This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge...

5.4CVSS9.7AI score0.00889EPSS
Exploits1References1
CVE
CVE
added 2021/08/24 8:50 a.m.60 views

CVE-2021-23432

CVE-2021-23432 affects all versions of the mootools library. The root cause is the ability to pass untrusted input to Object.merge() , leading to prototype pollution . Several connected sources confirm the issue and the affected component, with CVSS values indicating high to critical impact (netw...

9.8CVSS7.4AI score0.00889EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/08/24 8:48 a.m.2 views

CVE-2021-23432

This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge...

9.8CVSS5.3AI score0.00889EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/08/24 12:0 a.m.11 views

mootools 安全漏洞

mootools is a library for web development with OOP support. A security vulnerability exists in mootools that allows an attacker to pass untrusted input to the application's Object.merge...

9.8CVSS8.3AI score0.00889EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2021/07/25 9:41 a.m.8 views

@fley_real/notification-manager (=1.0.0), @nbish11/test (>=1.0.2 <=1.2.0) +53 more potentially affected by CVE-2021-23432 via mootools (>=1.3.2 <=1.5.2)

mootools NPM version =1.3.2, =1.0.2, =0.1.2, =0.1.0, =0.8.3, =1.0.0, =0.9.3, =1.3.0, =0.0.2, =0.4.0, =0.2.0, =0.2.0, =1.0.5, =2.0.2 and more Source cves: CVE-2021-23432 Source advisory: SNYK:JS-MOOTOOLS-1325536...

9.8CVSS7.2AI score0.00889EPSS
Exploits1
Snyk
Snyk
added 2021/07/25 9:41 a.m.5 views

Prototype Pollution

Overview mootools is an a library for web development, with support for OOP. Affected versions of this package are vulnerable to Prototype Pollution. This is due to the ability to pass untrusted input to Object.merge PoC: require"mootools" Object.merge, JSON.parse""proto": "vulnerable": true"...

9.8CVSS9AI score0.00889EPSS
Exploits1References2
CNVD
CNVD
added 2021/04/27 12:0 a.m.7 views

Unspecified Vulnerability in MooTools More

MooTools More is an application software. library of MooTools plug-ins and enhancements. A security vulnerability exists in MooTools More 1.6.0, which can be exploited by an attacker to inject properties into Object.Prototype...

8.8CVSS6.6AI score0.01449EPSS
Exploits1References1
Veracode
Veracode
added 2021/04/26 7:7 a.m.18 views

Prototype Pollution

mootools-more is vulnerable to prototype pollution. An attacker is able to inject malicious properties into existing construct prototypes Object.prototype and modify attributes such as proto, constructor and prototype...

8.8CVSS3.5AI score0.01449EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder