CVEs-PoC/2021/CVE-2021-32821.md

### [CVE-2021-32821](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32821)
![](https://img.shields.io/static/v1?label=Product&message=mootools-core&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.6.0%3C%3D%201.6.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)

### Description

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.

### POC

#### Reference
- https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/

#### Github
- https://github.com/Live-Hack-CVE/CVE-2021-32821