Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/rsshub@1.0.0-master.a429472

Type npm

Namespace

Name rsshub

Version 1.0.0-master.a429472

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.0.0-master.c910c4d

Latest_non_vulnerable_version 1.0.0-master.e2a57e4

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-nn7t-5bp3-abca

vulnerability_id VCID-nn7t-5bp3-abca

summary RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker can send malicious requests to a RSSHub server, to make the server send HTTP GET requests to arbitrary destinations and see partial responses. This may lead to leak the server IP address, which could be hidden behind a CDN; retrieving information in the internal network, e.g. which addresses/ports are accessible, the titles and meta descriptions of HTML pages; and denial of service amplification. The attacker could request the server to download some large files, or chain several SSRF requests in a single attacker request.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-27927

reference_id

reference_type

scores

value	0.01376
scoring_system	epss
scoring_elements	0.80724
published_at	2026-06-14T12:55:00Z

value	0.01376
scoring_system	epss
scoring_elements	0.80661
published_at	2026-06-11T12:55:00Z

value	0.01376
scoring_system	epss
scoring_elements	0.80721
published_at	2026-06-12T12:55:00Z

value	0.01376
scoring_system	epss
scoring_elements	0.80733
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-27927

reference_url

https://github.com/DIYgod/RSSHub

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/DIYgod/RSSHub

reference_url

https://github.com/DIYgod/RSSHub/commit/a42947231104a9ec3436fc52cedb31740c9a7069

reference_id

a42947231104a9ec3436fc52cedb31740c9a7069

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-05T15:40:32Z/

url

https://github.com/DIYgod/RSSHub/commit/a42947231104a9ec3436fc52cedb31740c9a7069

reference_url

https://github.com/DIYgod/RSSHub/blob/5928c5db2472e101c2f5c3bafed77a2f72edd40a/lib/routes/mastodon/acct.js#L4-L7

reference_id

acct.js#L4-L7

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-05T15:40:32Z/

url

https://github.com/DIYgod/RSSHub/blob/5928c5db2472e101c2f5c3bafed77a2f72edd40a/lib/routes/mastodon/acct.js#L4-L7

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-27927

reference_id

CVE-2024-27927

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-27927

reference_url

https://github.com/advisories/GHSA-3p3p-cgj7-vgw3

reference_id

GHSA-3p3p-cgj7-vgw3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3p3p-cgj7-vgw3

reference_url

https://github.com/DIYgod/RSSHub/security/advisories/GHSA-3p3p-cgj7-vgw3

reference_id

GHSA-3p3p-cgj7-vgw3

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-05T15:40:32Z/

url

https://github.com/DIYgod/RSSHub/security/advisories/GHSA-3p3p-cgj7-vgw3

reference_url

https://github.com/DIYgod/RSSHub/blob/172f6cfd2b69ea6affdbdedf61e6dde1671f3796/lib/routes/m4/index.js#L10-L14

reference_id

index.js#L10-L14

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-05T15:40:32Z/

url

https://github.com/DIYgod/RSSHub/blob/172f6cfd2b69ea6affdbdedf61e6dde1671f3796/lib/routes/m4/index.js#L10-L14

reference_url

https://github.com/DIYgod/RSSHub/blob/172f6cfd2b69ea6affdbdedf61e6dde1671f3796/lib/routes/zjol/paper.js#L7-L13

reference_id

paper.js#L7-L13

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-05T15:40:32Z/

url

https://github.com/DIYgod/RSSHub/blob/172f6cfd2b69ea6affdbdedf61e6dde1671f3796/lib/routes/zjol/paper.js#L7-L13

reference_url

https://github.com/DIYgod/RSSHub/blob/5928c5db2472e101c2f5c3bafed77a2f72edd40a/lib/routes/mastodon/utils.js#L85-L105

reference_id

utils.js#L85-L105

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-05T15:40:32Z/

url

https://github.com/DIYgod/RSSHub/blob/5928c5db2472e101c2f5c3bafed77a2f72edd40a/lib/routes/mastodon/utils.js#L85-L105

fixed_packages

url	pkg:npm/rsshub@1.0.0-master.a429472
purl	pkg:npm/rsshub@1.0.0-master.a429472
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/rsshub@1.0.0-master.a429472

aliases CVE-2024-27927, GHSA-3p3p-cgj7-vgw3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nn7t-5bp3-abca

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/rsshub@1.0.0-master.a429472

Package Instance