Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qdnh4LXY0NXAtdjV2Zs4AAs7J
Denial of Service (DoS) vulnerability in RSSHub
Impact
Passing some special values to the filter
and filterout
parameters can cause an abnormally high CPU. Impact on the performance of the servers and RSSHub services.
Patches
It is fixed in 5c4177441417b44a6e45c3c63e9eac2504abeb5b , please update to this or the later versions as soon as possible.
References
Full report: https://github.com/DIYgod/RSSHub/issues/10045
For more information
If you have any questions or comments about this advisory:
- Open an issue in https://github.com/DIYgod/RSSHub/issues
- Email us at [email protected]
Credits
@Rongronggg9
Permalink: https://github.com/advisories/GHSA-jvxx-v45p-v5vfJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qdnh4LXY0NXAtdjV2Zs4AAs7J
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 9 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Identifiers: GHSA-jvxx-v45p-v5vf, CVE-2022-31110
References:
- https://github.com/DIYgod/RSSHub/security/advisories/GHSA-jvxx-v45p-v5vf
- https://github.com/DIYgod/RSSHub/commit/4671720f4c5e1aaaad8fcc1dce684b6546baf2ff
- https://github.com/DIYgod/RSSHub/commit/5c4177441417b44a6e45c3c63e9eac2504abeb5b
- https://nvd.nist.gov/vuln/detail/CVE-2022-31110
- https://github.com/DIYgod/RSSHub/issues/10045
- https://github.com/advisories/GHSA-jvxx-v45p-v5vf
Blast Radius: 6.4
Affected Packages
npm:rsshub
Dependent packages: 8Dependent repositories: 16
Downloads: 24,089 last month
Affected Version Ranges: <= 1.0.0
No known fixed version
All affected versions: 0.0.1, 0.1.0, 0.1.1, 1.0.0