CVE-2021-23432 MEDIUM

CVE-2021-23432: Prototype Pollution

Vendor N/A
Product mootools
Published August 24, 2021
Last update September 16, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P

What the vulnerability does

01Description

This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge()

Key dates

02Disclosure timeline

August 24, 2021 CVE published
September 16, 2024 Record updated