CVE-2021-23432 — Vulnetix

CVE-2021-23432 PUBLISHED

This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge()

EPSS 0.30% · 54.0th percentile

Risk Scores

EPSS Score

0.30%

54.0th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	mootools	1.4.5~debian1-2.1, 0
Ubuntu:20.04:LTS	mootools	0, 1.4.5~debian1-2.1
Ubuntu:18.04:LTS	mootools	0, 1.4.5~debian1-2.1
Ubuntu:25.10	mootools	0, *
Ubuntu:24.04:LTS	mootools	0, *
Ubuntu:22.04:LTS	mootools	1.4.5~debian1-3, 0

Exploit Intelligence

https://snyk.io/vuln/SNYK-JS-MOOTOOLS-1325536 (nist-nvd)

Timeline

Aug 24, 2021 CVE Published
Aug 25, 2021 EPSS Score
Aug 31, 2021 CVE Updated
Oct 22, 2021 EPSS Score
Dec 19, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 16, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 15, 2022 EPSS Score
Jun 12, 2022 EPSS Score
Aug 10, 2022 EPSS Score
Oct 7, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2021-23432 third-party-advisory
https://snyk.io/vuln/SNYK-JS-MOOTOOLS-1325536 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-23432 third-party-advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›