Vulnerabilities > CVE-2020-27511 - Unspecified vulnerability in Prototypejs Prototype 1.7.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://prototypejs.org/
- http://prototypejs.org/
- https://github.com/prototypejs/prototype/blob/dee2f7d8611248abce81287e1be4156011953c90/src/prototype/lang/string.js#L283
- https://github.com/prototypejs/prototype/blob/dee2f7d8611248abce81287e1be4156011953c90/src/prototype/lang/string.js#L283
- https://github.com/yetingli/PoCs/blob/main/CVE-2020-27511/Prototype.md
- https://github.com/yetingli/PoCs/blob/main/CVE-2020-27511/Prototype.md