GMS-2022-2614: Denial of Service (DoS) vulnerability in RSSHub

June 23, 2022

Impact

Passing some special values to the filter and filterout parameters can cause an abnormally high CPU. Impact on the performance of the servers and RSSHub services.

Patches

It is fixed in 5c4177441417b44a6e45c3c63e9eac2504abeb5b, please update to this or the later versions as soon as possible.

Credits

@Rongronggg9

References

A full report will be disclosed after 120 hours.

For more information

If you have any questions or comments about this advisory:

Open an issue in https://github.com/DIYgod/RSSHub/issues
Email us at i@diygod.me

References

github.com/DIYgod/RSSHub/commit/4671720f4c5e1aaaad8fcc1dce684b6546baf2ff
github.com/DIYgod/RSSHub/commit/5c4177441417b44a6e45c3c63e9eac2504abeb5b
github.com/DIYgod/RSSHub/security/advisories/GHSA-jvxx-v45p-v5vf
github.com/advisories/GHSA-jvxx-v45p-v5vf

Detect and mitigate GMS-2022-2614 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →