Vulnerabilities > CVE-2021-21278 - Unspecified vulnerability in Rsshub
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target site with unsafe code, causing server-side security issues The fix in version 7f1c430 is to temporarily remove the problematic route and added a `no-new-func` rule to eslint.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- https://github.com/DIYgod/RSSHub/commit/7f1c43094e8a82e4d8f036ff7d42568fed00699d
- https://github.com/DIYgod/RSSHub/commit/7f1c43094e8a82e4d8f036ff7d42568fed00699d
- https://github.com/DIYgod/RSSHub/security/advisories/GHSA-pgjj-866w-fc5c
- https://github.com/DIYgod/RSSHub/security/advisories/GHSA-pgjj-866w-fc5c
- https://www.npmjs.com/package/rsshub
- https://www.npmjs.com/package/rsshub