GitHub Advisory DatabaseGHSA-FRP9-2V6R-GJ97muhammara and hummus vulnerable to null pointer dereference on bad response object
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
58.5%
The package muhammara before 2.6.0 and the package hummus before 1.0.111 are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hummus_project | hummus | * | cpe:2.3:a:hummus_project:hummus:*:*:*:*:*:node.js:*:* |
| muhammara_project | muhammara | * | cpe:2.3:a:muhammara_project:muhammara:*:*:*:*:*:*:*:* |
References
github.com/advisories/GHSA-frp9-2v6r-gj97
github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a
github.com/galkahana/HummusJS/issues/439
github.com/julianhille/MuhammaraJS/commit/0a6427eec82ef2978995e453de2dc0d6224dd46c
github.com/julianhille/MuhammaraJS/issues/188
nvd.nist.gov/vuln/detail/CVE-2022-25885
security.snyk.io/vuln/SNYK-JS-HUMMUS-3091139
security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3091137
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
58.5%