CVE-2021-32821
MEDIUM
MooTools < 1.6.0 - Regular Expression Denial of Service via CSS Selector Parser
Title source: llm
Description
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.
References (1)
Core References
Exploit, Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/
Scores
CVSS v3
6.2
EPSS
0.0064
EPSS Percentile
45.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1333
CWE-400
Status
published
Products (2)
mootools/mootools
< 1.6.0
npm/mootools
0npm
Published
Jan 03, 2023
Tracked Since
Feb 18, 2026