CVE-2021-21278

Date: January 26, 2021

RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or the `Function` constructor, into which the target site may inject unsafe code, causing server-side security issues. The fix in version 7f1c430 temporarily removes the problematic route and adds a `no-new-func` rule to ESLint.
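The risk described above, shown as an added example that is not RSSHub's code: a route reads data embedded in a scraped page, first with the `Function` constructor and then with a data-only parser. The helper names, the `var feed` convention and both sample scripts are constructed for illustration.

```javascript
// Constructed sample: inline script text as a route might scrape it from a target site.
const benignScript = 'var feed = {"title":"News","items":[{"title":"a","link":"https://example.com/a"}]};';
// Constructed sample: same slot, but the site serves an expression with a side effect.
const tamperedScript = 'var feed = (globalThis.__ranRemoteCode = true, {"title":"x","items":[]});';

// Hypothetical helper: return the text assigned to `var feed`, or null.
function extractAssigned(scriptText) {
    const match = /var\s+feed\s*=\s*([\s\S]*?);\s*$/.exec(scriptText);
    return match ? match[1] : null;
}

// The pattern the advisory describes: remote text is compiled and run as code.
// ESLint's `no-new-func` rule reports this line.
function parseWithFunction(scriptText) {
    return new Function('return ' + extractAssigned(scriptText))();
}

// Hardened form: remote text is only ever parsed as data, then shape-checked.
function parseAsData(scriptText) {
    const literal = extractAssigned(scriptText);
    if (literal === null) {
        throw new Error('feed assignment not found');
    }
    let data;
    try {
        data = JSON.parse(literal);
    } catch (err) {
        throw new Error('feed is not plain JSON, refusing to evaluate it');
    }
    if (data === null || typeof data !== 'object' || typeof data.title !== 'string' || !Array.isArray(data.items)) {
        throw new Error('feed has an unexpected shape');
    }
    // Copy only the expected string fields; drop anything else the site sent.
    const items = data.items
        .filter((i) => i && typeof i.title === 'string' && typeof i.link === 'string')
        .map((i) => ({ title: i.title, link: i.link }));
    return { title: data.title, items };
}

console.log(parseAsData(benignScript));
try {
    parseAsData(tamperedScript);
} catch (err) {
    console.log('rejected:', err.message);
}
```

`parseWithFunction` is kept only as the "before" form; it is never called when the block runs on its own.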

Language: JS

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

Top Fix

Upgrade Version

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL