CVE-2021-21278: Injection Vulnerability

January 26, 2021 (updated February 4, 2021)

RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub, there is a risk of code injection. Some routes use eval or Function constructor, which may be injected by the target site with unsafe code, causing server-side security issues.

References

nvd.nist.gov/vuln/detail/CVE-2021-21278

Detect and mitigate CVE-2021-21278 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →