From ef314369b01512b63ad19f3a3ca937676feac6ad Mon Sep 17 00:00:00 2001
From: "Shelby J. Cunningham" <shelbyc@github.com>
Date: Tue, 3 Jan 2023 11:48:11 -0500
Subject: [PATCH] Add CVE-2021-32821 for GHSL-2020-345

---
 .DS_Store                      | Bin 0 -> 10244 bytes
 2021/32xxx/CVE-2021-32821.json |  85 ++++++++++++++++++++++++++++++---
 2 files changed, 79 insertions(+), 6 deletions(-)
 create mode 100644 .DS_Store

diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..c43d64e3c23b15cf659cfd1c073461be84f14043
GIT binary patch
literal 10244
zcmeHM&u<$=6n>K$vToXD)5fI@Ag!>FkQx<l;`|aqHBO>pA({}IG$C!>wY@Q`Y<8^O
zO+p$4`3xui0JwAN6$yzme*rhdl@s*Z6TF#OyY_lkGE&q~X~x=lv$Nlu^?UF0%)BuG
zkm5nZ1TX+V!;4A%5>}GJp0jJ9j6^-}q9mvfC70G~F0J9cK7dvo$^*&+$^*&+$^*&+
z{|67?n$3zfCZwvB2b2et2f7|$^MipGlZ8mOh2&EQRy+kjnZj;fu+6vrC=J$uvJlC(
zkl2HT2vw9ql|(59i82Qw)bV*C!ncJK>OlCLah&MQB+5`olz0$>!+{ipRJHPe^1z@6
zSni$z6PDN~mcM_5&u;(23s+3R4CL4+hI^WTGy8Gm?F8IR4EJpUZZ?K{o`B2u<AB-m
zgT#)x7>?N?!_D{OxE(UwLJY_3kl_|%IA(_oCy58SGGK=(i-!~^iH8&?iH8&?iH8&?
zi3j;wVuvIiQk*0nQk*0nQk*0nQk*Ove@X0EsvQNb=p5{)TFZ5UFqiv{j9f^)_WGzc
zs*Pz6%U{x?a%hDILDBMe*j<HEx7KM}wN1x9s_K)=)C(=gvwg1MG;D-CxbJukdQ_wb
zUL)YTW${2uYw4<f<K$${G^dR@bMAE7I9XW8O&j^y`P0+1mdU>V!A5n@-S_A>$T=(|
zT2A4zxbN1CyW;nbbAwYqjO-!5bnN*<*E<%aFOFThd}UmpxO#13aw2m*^Tv(L&8exk
zs`|B>Ro`p+?3*rAm-<Ebz}{*4PNUqi>W<gk3hl4Lvh&2Q>Q`gX4ZHE^MOWpxg_y|~
z9elXEzHNJaytUokzz(;n`gl<Hsq3!OzzH4dZTCFgeh{FaOQF4A@^&e{@eqBy)?%<=
z)Aj?D1NvLrmhW3$(=HxAbgi20u6acohIF4H*=Tj@t@}0`Y0JSjvn6}ynQ&va@JXlf
zo@nTh6%BxFAt>;+rjv?CJv*Jw7S^Mu8r;HJ>r>c-J$M4&!T0bKeuiJ+claBglTmV$
zyhCo0Jo%8^As>^^$Ofs9ZSn=#5&9#YsInQir;rBTbfbD$_C1$+P3&WM(T_8H|LlZs
z1~SNU#GO0KXXmGlnZ^8>upI6AZ!FJT=PZA7>gBV%m(v4`JyVu<IXy`CVOf6sCnsQ+
z<z14eamOEL`Hy`p*ArM?=Oe-pEXSxOuw1ql%2;lmH_K-h@;HAlE}ap}O~vwox%>=R
ze)#xYS#Bn<T(*;wv0S#3>&0D!Wmtn1SjGB2+(Wqm<=8rbyX=uiJ-eZCu5%A6h%G@8
zKF3xGb??G$*oQ_;8&{b=?KEnw;u^SutKh0kgYClmG{mH!YUKgtf#E!GLBNbLl&i`A
z{|`5qLMaa@54@5dAgPt|N)f+$CvA*d!Oq$ZydLAl3d6O9<SJP4<9L+(I391<aXe3Y
pu`h>hUa(zY4U}ymv4!QO{~4h2e>~Mm*fXm9ABH*Qde!s)e*vl~I)(rM

literal 0
HcmV?d00001

diff --git a/2021/32xxx/CVE-2021-32821.json b/2021/32xxx/CVE-2021-32821.json
index 0616fa4f178..f87fa075aed 100644
--- a/2021/32xxx/CVE-2021-32821.json
+++ b/2021/32xxx/CVE-2021-32821.json
@@ -1,18 +1,91 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
         "ID": "CVE-2021-32821",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Regular expression Denial of Service in MooTools"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "mootools-core",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_name": "1.6.0",
+                                            "version_value": "1.6.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "mootools"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue."
             }
         ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "LOCAL",
+            "availabilityImpact": "HIGH",
+            "baseScore": 6.2,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "NONE",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-400 Uncontrolled Resource Consumption"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/",
+                "refsource": "CONFIRM",
+                "url": "https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSL-2020-345",
+        "defect": [
+            "GHSL-2020-345"
+        ],
+        "discovery": "UNKNOWN"
     }
 }
\ No newline at end of file