4 matches found
CVE-2021-21278
RSSHub is an open-source, easy-to-use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning), there is a risk of code injection. Some routes use eval or the Function constructor, into which the target site may inject unsafe code, causing server-side securi...
CVE-2021-21278
creationtimestamp | type | source
---|---|---
2021-01-27 00:36:35+00:00 | seen | https://t.me/cibsecurity/22684...
CVE-2021-21278
RSSHub is affected by a code-injection vulnerability in which certain routes use eval or the Function constructor, allowing unsafe code to be injected by a target site. The root cause is unsafe dynamic code evaluation in specific routes. The fix (version 7f1c430) temporarily removes the problemat...
CVE-2021-21278 Risk of code injection in RSSHub
RSSHub is an open-source, easy-to-use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning), there is a risk of code injection. Some routes use eval or the Function constructor, into which the target site may inject unsafe code, causing server-side securi...