| 제목 | Regular expression Denial of Service in mootools |
|---|
| 설명 | The tool mootools contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). The tested version was the latest commit at the time of reporting (December 21, 2020). The attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. This issue was discovered and reported by GitHub team member @erik-krogh (Erik Krogh Kristensen). CVE-2021-32821 was assigned, the current maintainer sent an update informing they’re treating this issue as a wontfix due to low impact and lack of activity on the project |
|---|
| 원천 | ⚠️ https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/ |
|---|
| 사용자 | misc (UID 3) |
|---|
| 제출 | 2021. 07. 07. AM 07:08 (5 연령 ago) |
|---|
| 모더레이션 | 2021. 07. 07. AM 08:16 (1 hour later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 178008 [mootools 권한 상승] |
|---|
| 포인트들 | 20 |
|---|