Mootools-more 1.6.0 is in use, which is potentially vulnerable to CVE-2021-20088 in pyload/pyload
Valid
Reported on Jan 7th 2023
Description
Mootools-more 1.6.0 is in use, which is potentially vulnerable to CVE-2021-20088
Proof of Concept
https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/mootools-more.md
Impact
This vulnerability is capable of potential prototype pollution upon executing the CVE
Occurrences
MooTools-More.min.js L5
Mootools-more 1.6.0 in use.
We are processing your report and will contact the pyload team within 24 hours.
4 months ago
We have contacted a member of the pyload team and are waiting to hear back
4 months ago
The researcher's credibility has increased: +7
Replaced MooTools-More.min.js with patched version according to https://github.com/mootools/mootools-more/pull/1362
The fix bounty has been dropped
This vulnerability has been assigned a CVE
MooTools-More.min.js#L5 has been validated
Hi Maintainer,
I have noted the fix, and thanks for the CVE too.
