Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JS-RSSHUB-1065277
- published 27 Jan 2021
- disclosed 27 Jan 2021
- credit Unknown
How to fix?
rsshub to version 1.0.0-master.4db1c91 or higher.
rsshub is a Make RSS Great Again!
Affected versions of this package are vulnerable to Command Injection. Some routes use
Function constructor, which may be injected by the target site with unsafe code, causing server-side security issues.