RSSHub SSRF vulnerability

Severity:: High

Description

RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network.

Recommendation

Update the rsshub package to the latest compatible version. Followings are version details:

Affected version(s): < 1.0.0-master.a66cbcf
Patched version(s): 1.0.0-master.a66cbcf

References

GHSA-64wp-jh9p-5cg2
advisory.dw1.io
CVE-2023-22493
CWE-918
CAPEC-310
OWASP 2021-A10
OWASP 2021-A6

Related Issues

RSSHub vulnerable to Server-Side Request Forgery - CVE-2024-27927
Uncaught Exception in yaml - CVE-2023-2251
Simditor XSS Vulnerability - CVE-2018-6464
Open Redirect in url-parse - CVE-2018-3774

Tags:: npm; rsshub

Anything's wrong? Let us know Last updated on January 23, 2023