
CVE-2021-20088: mootools-more vulnerable to prototype pollution

CVSS 3.1 Score: 8.8

Basic Information

EPSS Score: 0.63781%
Published: 5/24/2022
Updated: 4/22/2024
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package name: mootools-more
Ecosystem: npm
Vulnerable versions: <= 1.6.0
First patched version: (none listed)

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from the parseQueryString function's handling of query parameters. A bracketed key such as a[b][c] is split into a keys array, and the parser walks that path on the result object, creating intermediate objects from unvalidated user input. Because each step is an ordinary property lookup, a segment named __proto__ resolves to Object.prototype, and constructor followed by prototype resolves to Object.prototype via the Object constructor, so the final assignment writes into the base object prototype instead of the result object. The PoC demonstrates that supplying __proto__ or constructor[prototype] in the query string pollutes Object.prototype, so the injected property becomes visible on every plain object in the page. The GitHub advisory and NVD description both confirm this attack vector, and the BlackFan analysis shows the vulnerable code path in String.QueryString.js at line 46.
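The following is an added illustrative example, not mootools-more's own source: a minimal re-implementation of the nested-key walk described above (a[b][c] split into a keys array and assigned step by step), first in the vulnerable shape and then hardened. The function names, the deny-list and the Node.js runtime are assumptions of this example, not of the advisory.

```javascript
// Added example (NOT mootools-more code): the nested-key query-string walk behind
// CVE-2021-20088, vulnerable and hardened. Assumes Node.js; no dependencies.

// "a[b][c]" -> ["a", "b", "c"]; "a[]" -> ["a", ""]; "a" -> ["a"].
function splitKeyPath(rawKey) {
  const keys = [];
  const re = /^([^\[\]]+)|\[([^\[\]]*)\]/g;
  let m;
  while ((m = re.exec(rawKey)) !== null) keys.push(m[1] !== undefined ? m[1] : m[2]);
  return keys.length ? keys : [rawKey];
}

// Shared tokenizer: yields [keySegments, value] for every "k=v" pair.
function* pairs(qs) {
  for (const pair of qs.split(/[&;]/)) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const rawKey = eq >= 0 ? pair.slice(0, eq) : pair;
    const value = eq >= 0 ? decodeURIComponent(pair.slice(eq + 1)) : '';
    yield [splitKeyPath(rawKey).map(decodeURIComponent), value];
  }
}

// VULNERABLE pattern (mirrors the advisory's code path; do not use). Every lookup is
// a plain property access, so the segment "__proto__" resolves to Object.prototype
// and "constructor" -> "prototype" walks Object -> Object.prototype. The last write
// therefore lands on the shared prototype instead of on `object`.
function parseQueryStringVulnerable(qs) {
  const object = {};
  for (const [keys, value] of pairs(qs)) {
    let obj = object;
    keys.forEach((key, i) => {
      const current = obj[key];                                  // finds inherited props
      if (i < keys.length - 1) obj = obj[key] = current || {};   // and descends into them
      else if (Array.isArray(current)) current.push(value);
      else obj[key] = current != null ? [current, value] : value;
    });
  }
  return object;
}

// HARDENED: null-prototype containers (nothing reachable above them), own-property
// lookups only, and an explicit deny-list for segments that name the prototype chain.
const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

function parseQueryStringSafe(qs) {
  const object = Object.create(null);
  for (const [keys, value] of pairs(qs)) {
    if (keys.some((k) => FORBIDDEN_SEGMENTS.has(k))) continue;  // drop the whole pair
    let obj = object;
    keys.forEach((key, i) => {
      const own = Object.prototype.hasOwnProperty.call(obj, key);
      const current = own ? obj[key] : undefined;
      if (i < keys.length - 1) {
        // Only descend into containers this parser created; a colliding scalar is replaced.
        if (current === null || typeof current !== 'object' || Array.isArray(current)) {
          obj[key] = Object.create(null);
        }
        obj = obj[key];
      } else if (Array.isArray(current)) current.push(value);
      else obj[key] = current !== undefined ? [current, value] : value;
    });
  }
  return object;
}

// Integrity check an application can run after parsing untrusted input:
// has `name` become an own property of Object.prototype (visible on every {})?
function isPolluted(name) {
  return Object.prototype.hasOwnProperty.call(Object.prototype, name);
}

module.exports = { splitKeyPath, parseQueryStringVulnerable, parseQueryStringSafe, isPolluted };
```

With the vulnerable parser, `parseQueryStringVulnerable('__proto__[polluted]=yes')` makes `({}).polluted` read `'yes'` afterwards; the hardened parser returns a result whose chain stops at `null`, so the same input is simply dropped. The deny-list is defense in depth: once every container is created with `Object.create(null)`, a segment named `__proto__` is just an ordinary own key, but rejecting those segments outright also protects callers that later copy the result into normal objects. Freezing `Object.prototype` is a further layer some applications add, at the cost of breaking libraries that legitimately extend it, which MooTools itself does.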


WAF Protection Rules

WAF Rule

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.
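As an added example in the spirit of a request-side rule for this CVE (not a Miggo rule and not mootools-more code), the check below inspects query-string keys for the path segments that steer a parseQueryString-style parser into Object.prototype. It decodes percent-encoding more aggressively than the parser itself (up to three rounds, to cover double-encoded payloads reaching stacks that decode more than once), and only treats `constructor` as dangerous when it is immediately followed by `prototype`, since `a[constructor]=x` is a harmless leaf write. The function names, the round limit and the Node.js runtime are assumptions of this example.

```javascript
// Added example: WAF-style detection of prototype-pollution key paths in a query
// string. Not a vendor rule; assumes Node.js and no dependencies.

const MAX_DECODE_ROUNDS = 3; // assumption: enough to unwrap double/triple encoding

// Percent-decode until the string stops changing (bounded). Malformed escapes are
// kept as-is instead of throwing, because hostile input is often deliberately broken.
function fullyDecode(s) {
  let out = s;
  for (let i = 0; i < MAX_DECODE_ROUNDS; i++) {
    let next;
    try { next = decodeURIComponent(out); } catch (e) { break; }
    if (next === out) break;
    out = next;
  }
  return out;
}

// "a[b][c]" -> ["a", "b", "c"]; "a[]" -> ["a", ""]; "a" -> ["a"].
function splitKeyPath(rawKey) {
  const keys = [];
  const re = /^([^\[\]]+)|\[([^\[\]]*)\]/g;
  let m;
  while ((m = re.exec(rawKey)) !== null) keys.push(m[1] !== undefined ? m[1] : m[2]);
  return keys.length ? keys : [rawKey];
}

// A path is dangerous if any segment is "__proto__", or "constructor" is directly
// followed by "prototype" (the two vectors named in the advisory).
function isDangerousPath(segments) {
  for (let i = 0; i < segments.length; i++) {
    if (segments[i] === '__proto__') return true;
    if (segments[i] === 'constructor' && segments[i + 1] === 'prototype') return true;
  }
  return false;
}

// Returns the decoded offending keys; an empty array means the query looks clean.
// Only KEYS are inspected: a value such as q=__proto__ is data, not a path.
function findPrototypePollutionKeys(queryString) {
  const hits = [];
  for (const pair of queryString.split(/[&;]/)) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const rawKey = eq >= 0 ? pair.slice(0, eq) : pair;
    const decodedKey = fullyDecode(rawKey);
    if (isDangerousPath(splitKeyPath(decodedKey))) hits.push(decodedKey);
  }
  return hits;
}

function isPrototypePollutionAttempt(queryString) {
  return findPrototypePollutionKeys(queryString).length > 0;
}

module.exports = { fullyDecode, splitKeyPath, isDangerousPath, findPrototypePollutionKeys, isPrototypePollutionAttempt };
```

Run against a raw query string, `findPrototypePollutionKeys` returns the decoded keys that would need blocking or logging, which is more useful in an alert than a boolean. Blocking on this alone is a mitigation, not a fix: the parser still needs the hardening described under the root-cause analysis, and any key that is checked before decoding, or decoded by a different number of rounds than the application, will disagree with the application's view of the request.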
