Description
RSSHub is an open source, extensible RSS feed generator. In commits prior to 5c4177441417, passing some special values to the filter and filterout parameters can cause abnormally high CPU usage. This impacts the performance of the servers and RSSHub services and may lead to a denial of service. This issue has been fixed in commit 5c4177441417 and all users are advised to upgrade. There are no known workarounds for this issue.
Vulnerable configurations
Configuration 1: versions before 2022-06-21 (excluding)
cpe:2.3:a:rsshub:rsshub:*:*:*:*:*:node.js:*:*
EPSS: 0.00557 (Low), percentile: 68%
CVSS3: 5.3 Medium
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-400
CWE-1333
Related vulnerabilities
CVSS3: 5.3
github
more than 3 years ago
Denial of Service (DoS) vulnerability in RSSHub