Denial of Service (DoS) vulnerability in RSSHub

Severity:: Medium

Description

Passing some special values to the filter and filterout parameters can cause an abnormally high CPU. Impact on the performance of the servers and RSSHub services.

Recommendation

No fix is available yet. Followings are affected versions:

<= 1.0.0

References

GHSA-jvxx-v45p-v5vf
CVE-2022-31110
CWE-1333
CWE-400
CAPEC-310
OWASP 2021-A6

Related Issues

Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter - CVE-2022-24901
useragent Regular Expression Denial of Service vulnerability - CVE-2020-26311
jsPDF Denial of Service (DoS) - CVE-2025-57810
steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments - CVE-2022-37262

CSRF, XXE, and 12 Other Security Acronyms Explained

Exploiting Server Version Disclosure

How do hackers hack websites?

Tags:: npm; rsshub

Anything's wrong? Let us know Last updated on July 24, 2023