CVE-2021-32821 MEDIUM

CVE-2021-32821: Regular expression Denial of Service in MooTools

Vendor Mootools
Product mootools-core
Weakness CWE-400
Published January 3, 2023
Last update March 10, 2025

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.

Key dates

02Disclosure timeline

January 3, 2023 CVE published
March 10, 2025 Record updated