You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jun 10, 2025. It is now read-only.
"TITLE": "Regular expression Denial of Service in MooTools"
9
7
},
8
+
"affects": {
9
+
"vendor": {
10
+
"vendor_data": [
11
+
{
12
+
"product": {
13
+
"product_data": [
14
+
{
15
+
"product_name": "mootools-core",
16
+
"version": {
17
+
"version_data": [
18
+
{
19
+
"version_affected": "<=",
20
+
"version_name": "1.6.0",
21
+
"version_value": "1.6.0"
22
+
}
23
+
]
24
+
}
25
+
}
26
+
]
27
+
},
28
+
"vendor_name": "mootools"
29
+
}
30
+
]
31
+
}
32
+
},
33
+
"data_format": "MITRE",
34
+
"data_type": "CVE",
35
+
"data_version": "4.0",
10
36
"description": {
11
37
"description_data": [
12
38
{
13
39
"lang": "eng",
14
-
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
40
+
"value": "MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue."
0 commit comments