Lookup for vulnerable packages by Package URL.
| Field | Value |
|---|---|
| Purl | pkg:npm/rsshub@1.0.0-master.b9e3a6d |
| Type | npm |
| Namespace | |
| Name | rsshub |
| Version | 1.0.0-master.b9e3a6d |
| Qualifiers | |
| Subpath | |
| Is_vulnerable | true |
| Next_non_vulnerable_version | 1.0.0-master.c910c4d |
| Latest_non_vulnerable_version | 1.0.0-master.e2a57e4 |
Affected_by_vulnerabilities:

| Field | 0 | 1 |
|---|---|---|
| url | VCID-gb6h-xzdu-63g6 | VCID-syn8-e3ey-9baw |
| vulnerability_id | VCID-gb6h-xzdu-63g6 | VCID-syn8-e3ey-9baw |
| summary | Denial of Service (DoS) vulnerability in RSSHub (full text below) | Injection Vulnerability (full text below) |
| references | | |
| fixed_packages | | |
| aliases | CVE-2022-31110, GHSA-jvxx-v45p-v5vf, GMS-2022-2614 | CVE-2021-21278, GHSA-pgjj-866w-fc5c |
| risk_score | 3.1 | 4.0 |
| exploitability | 0.5 | 0.5 |
| weighted_severity | 6.2 | 8.0 |
| resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-gb6h-xzdu-63g6 | http://public2.vulnerablecode.io/vulnerabilities/VCID-syn8-e3ey-9baw |

Summary of VCID-gb6h-xzdu-63g6: Denial of Service (DoS) vulnerability in RSSHub

### Impact
Passing some special values to the `filter` and `filterout` parameters can cause abnormally high CPU usage, impacting the performance of the servers and RSSHub services.
### Patches
It is fixed in 5c4177441417b44a6e45c3c63e9eac2504abeb5b; please update to this or a later version as soon as possible.
### References
Full report: https://github.com/DIYgod/RSSHub/issues/10045
### For more information
If you have any questions or comments about this advisory:
* Open an issue in <https://github.com/DIYgod/RSSHub/issues>
* Email us at [i@diygod.me](mailto:i@diygod.me)
### Credits
@Rongronggg9

Summary of VCID-syn8-e3ey-9baw: Injection Vulnerability

RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub, there is a risk of code injection. Some routes use `eval` or the `Function` constructor, which may be injected by the target site with unsafe code, causing server-side security issues.
| Field | Value |
|---|---|
| Fixing_vulnerabilities | |
| Risk_score | 4.0 |
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:npm/rsshub@1.0.0-master.b9e3a6d |