2 matches found
PT-2024-32460 · Rsshub · Rsshub
Name of the Vulnerable Software and Affected Versions: RSSHub versions prior to commit 64e00e7
Description: RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. The workflow gets triggered when the PR - Docker build test...
RSSHub input validation error vulnerability
RSSHub is the world's largest RSS network, open-sourced by DIYgod and consisting of over 5000 global instances. RSSHub has an input validation error vulnerability: its docker-test-cont.yml workflow is susceptible to a poisoning attack, which could lead to a takeover...