EPSS
Percentile
97.1%
tt-rss is vulnerable to arbitrary code execution. Lack of URL validation before requests are made allows an attacker to potentially obtain arbitrary code execution on the host OS.
packetstormsecurity.com/files/161606/TinyTinyRSS-Remote-Code-Execution.html
community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
security-tracker.debian.org/tracker/CVE-2020-25787