Vulnerabilities > CVE-2022-25892 - Unspecified vulnerability in Muhammara Project Muhammara
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.
Vulnerable Configurations
References
- https://github.com/galkahana/HummusJS/issues/463
- https://github.com/galkahana/HummusJS/issues/463
- https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002
- https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002
- https://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51
- https://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51
- https://github.com/julianhille/MuhammaraJS/issues/214
- https://github.com/julianhille/MuhammaraJS/issues/214
- https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138
- https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138
- https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320
- https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320