Lucene search

K
cve[email protected]CVE-2022-31110
HistoryJun 29, 2022 - 6:15 p.m.

CVE-2022-31110

2022-06-2918:15:08
CWE-400
CWE-1333
web.nvd.nist.gov
52
3
rsshub
cve-2022-31110
nvd
denial of service
fix
upgrade

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

54.3%

RSSHub is an open source, extensible RSS feed generator. In commits prior to 5c4177441417 passing some special values to the filter and filterout parameters can cause an abnormally high CPU. This results in an impact on the performance of the servers and RSSHub services which may lead to a denial of service. This issue has been fixed in commit 5c4177441417 and all users are advised to upgrade. There are no known workarounds for this issue.

Affected configurations

NVD
Node
rsshubrsshubRange<2022-06-21node.js
CPENameOperatorVersion
rsshub:rsshubrsshublt2022-06-21

CNA Affected

[
  {
    "product": "RSSHub",
    "vendor": "DIYgod",
    "versions": [
      {
        "status": "affected",
        "version": "commits prior to 5c4177441417b44a6e45c3c63e9eac2504abeb5b"
      }
    ]
  }
]

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

54.3%

Related for CVE-2022-31110