Mootools-more 1.6.0 is in use, which is potentially vulnerable to CVE-2021-20088 in pyload/pyload

Valid

Reported on

Jan 7th 2023


Description

Mootools-more 1.6.0 is in use, which is potentially vulnerable to CVE-2021-20088.

Proof of Concept

https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/mootools-more.md



Impact

This vulnerability is capable of potential prototype pollution upon executing the CVE

Occurrences

Mootools-more 1.6.0 in use.

We are processing your report and will contact the pyload team within 24 hours. 4 months ago
We have contacted a member of the pyload team and are waiting to hear back 4 months ago
pyload/pyload maintainer validated this vulnerability 4 months ago
Joshua Chan has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
pyload/pyload maintainer
4 months ago

Maintainer


Replaced MooTools-More.min.js with patched version according to https://github.com/mootools/mootools-more/pull/1362

pyload/pyload maintainer marked this as fixed in 0.5.0b3.dev41 with commit 431ea6 4 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
pyload/pyload maintainer published this vulnerability 4 months ago
MooTools-More.min.js#L5 has been validated
Joshua Chan
4 months ago

Researcher


Hi Maintainer,

I have noted the fix, and thanks for the CVE too.
