Description
RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network.
Recommendation
Update the rsshub package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.0.0-master.a66cbcf
- Patched version(s): 1.0.0-master.a66cbcf
References
Related Issues
- google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability - CVE-2023-48711
- Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint - CVE-2023-46729
- A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA - CVE-2023-33831
- Joplin Cross-site Scripting vulnerability - CVE-2023-37299
You might also like:
- Tags:
- npm
- rsshub
Anything's wrong? Let us know Last updated on January 23, 2023


