CVE-2022-25885

Опубликовано: 01 нояб. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.

Ссылки

https://github.com/galkahana/HummusJS/issues/439
Exploit
Issue Tracking
Third Party Advisory
https://github.com/julianhille/MuhammaraJS/commit/0a6427eec82ef2978995e453de2dc0d6224dd46c
Patch
Third Party Advisory
https://github.com/julianhille/MuhammaraJS/issues/188
Exploit
Issue Tracking
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091139
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3091137
Third Party Advisory
https://github.com/galkahana/HummusJS/issues/439
Exploit
Issue Tracking
Third Party Advisory
https://github.com/julianhille/MuhammaraJS/commit/0a6427eec82ef2978995e453de2dc0d6224dd46c
Patch
Third Party Advisory
https://github.com/julianhille/MuhammaraJS/issues/188
Exploit
Issue Tracking
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091139
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3091137
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:muhammara_project:muhammara:*:*:*:*:*:node.js:*:*

Версия до 2.6.0 (исключая)

EPSS

Процентиль: 75%

0.00893

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-20

Связанные уязвимости

GHSA-frp9-2v6r-gj97