1.0.0-master.352cac9
6 years ago
17 hours ago
Known vulnerabilities in the rsshub package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
rsshub is a Make RSS Great Again! Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the internal media proxy, when a specially crafted image is supplied to the internal media proxy. This allowes for the execution of arbitrary JavaScript code. How to fix Cross-site Scripting (XSS)? Upgrade | >=1.0.0-master.cbbd829 <1.0.0-master.d8ca915 |