Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mcnA5LTJ2NnItZ2o5N84AAvnJ
muhammara and hummus vulnerable to null pointer dereference on bad response object
The package muhammara before 2.6.0 and the package hummus before 1.0.111 are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.
Permalink: https://github.com/advisories/GHSA-frp9-2v6r-gj97
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mcnA5LTJ2NnItZ2o5N84AAvnJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 11 months ago
Updated: 8 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-frp9-2v6r-gj97, CVE-2022-25885
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-25885
- https://github.com/galkahana/HummusJS/issues/439
- https://github.com/julianhille/MuhammaraJS/issues/188
- https://github.com/julianhille/MuhammaraJS/commit/0a6427eec82ef2978995e453de2dc0d6224dd46c
- https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091139
- https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3091137
- https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a
- https://github.com/advisories/GHSA-frp9-2v6r-gj97
Affected Packages
npm:hummus
Versions: >= 1.0.0, <= 1.0.110
Fixed in: 1.0.111
npm:muhammara
Versions: < 2.6.0
Fixed in: 2.6.0