MooTools Regular Expression Denial of Service

Description

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.5.2

References

• GHSA-v63q-hgqc-qvpg
• CVE-2021-32821
• CWE-1333
• CWE-400
• CAPEC-310
• OWASP 2021-A6

Related Issues

• jspdf vulnerable to Regular Expression Denial of Service (ReDoS) - CVE-2021-23353
• Regular Expression Denial of Service in jsoneditor - CVE-2021-3822
• Regular Expression Denial of Service (ReDoS) - ssri - CVE-2021-27290
• html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS) - CVE-2021-23346

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

mootools