1.0.0-master.655f7ac
6 years ago
19 hours ago
Known vulnerabilities in the rsshub package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
rsshub is a Make RSS Great Again! Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to improper validation of user-supplied URLs in several endpoints. An attacker can leverage this vulnerability to use the server as a proxy for sending HTTP GET requests to arbitrary destinations, potentially leading to information disclosure from the internal network or facilitating Denial-of-Service (DoS) attacks by causing the server to request large files or chaining multiple requests. How to fix Server-Side Request Forgery (SSRF)? Upgrade | <1.0.0-master.a429472 |
rsshub is a Make RSS Great Again! Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization via unvalidated URL parameters. How to fix Cross-site Scripting (XSS)? Upgrade | <1.0.0-master.c910c4d |
rsshub is a Make RSS Great Again! Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) such that an attacker can send a request to the affected routes with a malicious URL. For example, if an attacker controls the The Note: The following routes are affected by this vulnerability:
How to fix Server-side Request Forgery (SSRF)? Upgrade | <1.0.0-master.a66cbcf |
rsshub is a Make RSS Great Again! Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when passing some special values to the How to fix Regular Expression Denial of Service (ReDoS)? Upgrade | <1.0.0-master.5c41774 |
rsshub is a Make RSS Great Again! Affected versions of this package are vulnerable to Command Injection. Some routes use How to fix Command Injection? Upgrade | <1.0.0-master.4db1c91 |