Home > Vulnerability Database > CVE-2023-22493

Mend.io Vulnerability Database

CVE-2023-22493

Good to know:

Date: January 13, 2023

RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf.

Language: JS

Severity Score

7.5

Related Resources (5)

Url: https://github.com/DIYgod/RSSHub/pull/11588

Url: https://github.com/DIYgod/RSSHub/commit/a66cbcf6eebc700bf97ab097f404f16ab415506a

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-22493

Url: https://github.com/DIYgod/RSSHub/security/advisories/GHSA-64wp-jh9p-5cg2

Url: https://www.mend.io/vulnerability-database/CVE-2023-22493

Severity Score

7.5

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version rsshub - 1.0.0-master.a66cbcf

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-22493

Good to know:

Date: January 13, 2023

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?