Lookup for vulnerable packages by Package URL.

Purl pkg:npm/rsshub@1.0.0-master.cc8c869
Type npm
Namespace
Name rsshub
Version 1.0.0-master.cc8c869
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.0.0-master.d8ca915
Latest_non_vulnerable_version 1.0.0-master.e2a57e4
Affected_by_vulnerabilities
0
url VCID-4t81-uwze-q7hh
vulnerability_id VCID-4t81-uwze-q7hh
summary
RSSHub Cross-site Scripting vulnerability caused by internal media proxy
## Impact
When the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code.

Users who access the deliberately constructed URL are affected.

## Patches

This vulnerability was fixed in version https://github.com/DIYgod/RSSHub/commit/4d3e5d79c1c17837e931b4cd253d2013b487aa87. Please upgrade to this or a later version.

## Workarounds

No.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27926
reference_id
reference_type
scores
0
value 0.01003
scoring_system epss
scoring_elements 0.77385
published_at 2026-06-08T12:55:00Z
1
value 0.01003
scoring_system epss
scoring_elements 0.77404
published_at 2026-06-06T12:55:00Z
2
value 0.01003
scoring_system epss
scoring_elements 0.77394
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27926
1
reference_url https://github.com/DIYgod/RSSHub
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/DIYgod/RSSHub
2
reference_url https://github.com/DIYgod/RSSHub/commit/4d3e5d79c1c17837e931b4cd253d2013b487aa87
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-05T15:07:47Z/
url https://github.com/DIYgod/RSSHub/commit/4d3e5d79c1c17837e931b4cd253d2013b487aa87
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27926
reference_id CVE-2024-27926
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27926
4
reference_url https://github.com/advisories/GHSA-2wqw-hr4f-xrhh
reference_id GHSA-2wqw-hr4f-xrhh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2wqw-hr4f-xrhh
5
reference_url https://github.com/DIYgod/RSSHub/security/advisories/GHSA-2wqw-hr4f-xrhh
reference_id GHSA-2wqw-hr4f-xrhh
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-05T15:07:47Z/
url https://github.com/DIYgod/RSSHub/security/advisories/GHSA-2wqw-hr4f-xrhh
fixed_packages
0
url pkg:npm/rsshub@1.0.0-master.d8ca915
purl pkg:npm/rsshub@1.0.0-master.d8ca915
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/rsshub@1.0.0-master.d8ca915
aliases CVE-2024-27926, GHSA-2wqw-hr4f-xrhh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4t81-uwze-q7hh
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/rsshub@1.0.0-master.cc8c869