Miggo Logo
Miggo Vulnerability Database
CVE-2021-32821

CVE-2021-32821: MooTools Regular Expression Denial of Service

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-32821
GHSA ID
GHSA-v63q-hgqc-qvpg
EPSS Score
0.64608%
CWE
CWE-400
Published
1/3/2023
Updated
4/2/2024
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
mootoolsnpm<= 1.5.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The advisory specifically references Slick.Parser.js as the vulnerable component, and the provided PoC demonstrates exploitation via Slick.Slick.parse(). The vulnerability stems from inefficient regex patterns in the CSS selector parsing logic, which is core functionality handled by this parser. The direct reproduction using this function and the CWE mapping to inefficient regex complexity confirm this assessment.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

MooTools is * *oll**tion o* J*v*S*ript utiliti*s *or J*v*S*ript **v*lop*rs. *ll known v*rsions in*lu** * *SS s*l**tor p*rs*r t**t is vuln*r**l* to R**ul*r *xpr*ssion **ni*l o* S*rvi** (R**oS). *n *tt**k r*quir*s t**t *n *tt**k*r **n inj**t * strin* i

Reasoning

T** **visory sp**i*i**lly r***r*n**s `Sli*k.P*rs*r.js` *s t** vuln*r**l* *ompon*nt, *n* t** provi*** Po* **monstr*t*s *xploit*tion vi* `Sli*k.Sli*k.p*rs*()`. T** vuln*r**ility st*ms *rom in***i*i*nt r***x p*tt*rns in t** *SS s*l**tor p*rsin* lo*i*, w