Vulnerabilities > CVE-2020-27511 - Unspecified vulnerability in Prototypejs Prototype 1.7.3

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

prototypejs

NVD

Published: 2021-06-21

Updated: 2021-09-20

Summary

An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags.

Vulnerable Configurations

Part	Description	Count
Application	Prototypejs Prototypejs Prototype 1.7.3	1

References

http://prototypejs.org/
https://github.com/yetingli/PoCs/blob/main/CVE-2020-27511/Prototype.md
https://github.com/prototypejs/prototype/blob/dee2f7d8611248abce81287e1be4156011953c90/src/prototype/lang/string.js#L283