PT-2024-22141 · Rsshub · Rsshub

Ry0Tak · Published 2024-03-06 · Updated 2025-12-04 · CVE-2024-27926

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: RSSHub versions 1.0.0-master.cbbd829 through 1.0.0-master.d8ca915

Description: RSSHub is an open source RSS feed generator. When a specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected.

Recommendations: For versions 1.0.0-master.cbbd829 through 1.0.0-master.d8ca915, please upgrade to version 1.0.0-master.d8ca915 or a later version to fix the issue. As a temporary workaround, consider restricting access to the internal media proxy until a patch is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-27926
GHSA-2WQW-HR4F-XRHH

Affected Products

Rsshub