Uncontrolled Resource Consumption
CVE-2022-31110
Summary
RSSHub is an open source, extensible RSS feed generator. In versions 1.0.0 through 1.0.0-master.041cfc3, passing some special values to the `filter` and `filterout` parameters can cause abnormally high CPU usage. This affects the performance of the servers and RSSHub services, which may lead to a denial of service. This issue has been fixed in version 1.0.0-master.5c41774 and all users are advised to upgrade. There are no known workarounds for this issue.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-400 - Uncontrolled resource consumption
An uncontrolled resource allocation attack (also known as resource exhaustion attack) triggers unauthorized overconsumption of the limited resources in an application, such as memory, file system storage, database connection pool entries, and CPU. This may lead to denial of service for valid users and degradation of the application's functionality as well as that of the host operating system.
Advisory Timeline
- Published