CVE-2022-31110

Description

### Impact Passing some special values to the `filter` and `filterout` parameters can cause an abnormally high CPU. Impact on the performance of the servers and RSSHub services. ### Patches It is fixed in 5c4177441417b44a6e45c3c63e9eac2504abeb5b , please update to this or the later versions as soon as possible. ### References Full report: https://github.com/DIYgod/RSSHub/issues/10045 ### For more information If you have any questions or comments about this advisory: * Open an issue in <https://github.com/DIYgod/RSSHub/issues> * Email us at [[email protected]](mailto:[email protected]) ### Credits @Rongronggg9

How to fix CVE-2022-31110

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• —no fix listed

Is CVE-2022-31110 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 1.0.0

CVSS scores

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-31110
• PATCHgithub.com/DIYgod/RSSHub
• WEBgithub.com/DIYgod/RSSHub/commit/4671720f4c5e1aaaad8fcc1dce684b6546baf2ff
• WEBgithub.com/DIYgod/RSSHub/commit/5c4177441417b44a6e45c3c63e9eac2504abeb5b