Impact
The package muhammara before 2.6.1, and from 3.0.0 before 3.1.1, and all versions of the package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.
Patches
The issue has been patched in muhammara 3.1.1, and the fix has been backported to 2.6.1.
There is no patch for hummus.
Workarounds
Do not process files from untrusted sources, or update to a patched version.
Replace hummus with muhammara.
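To check a project against the affected ranges above, the following added example (not code from the advisory or from the muhammara project) scans the `packages` map of an npm lockfile, including nested copies pulled in by dependencies. The lockfile contents and the package names `demo-app`, `pdf-tool` and `legacy-report` are constructed sample data; treating pre-releases of a fixed version as affected is an assumption made to stay conservative.

```javascript
// Added example, not from the advisory or the muhammara project.
// Version ranges are the advisory's; sampleLock is constructed data.

// Parse "major.minor.patch"; returns null when the string is not a version.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when v is below the fixed release; a pre-release of the fixed
// release (e.g. "3.1.1-rc.1") is treated as below it (assumption).
function before(v, fixed, isPre) {
  const c = compare(v, fixed);
  return c < 0 || (c === 0 && isPre);
}

function isAffected(name, version) {
  if (name === 'hummus') return true; // all versions, no patch
  if (name !== 'muhammara') return false;
  const v = parseVersion(version);
  if (!v) return true; // unparseable: flag for manual review
  const isPre = String(version).includes('-');
  if (before(v, [2, 6, 1], isPre)) return true;
  return compare(v, [3, 0, 0]) >= 0 && before(v, [3, 1, 1], isPre);
}

// Walk the "packages" map of an npm lockfile (v2/v3), nested copies included.
function findAffected(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    const name = path.split('node_modules/').pop();
    if (isAffected(name, info.version)) hits.push({ path, version: info.version });
  }
  return hits;
}

const sampleLock = { packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/muhammara': { version: '3.1.0' },
  'node_modules/pdf-tool/node_modules/muhammara': { version: '2.6.1' },
  'node_modules/legacy-report/node_modules/hummus': { version: '1.0.110' },
} };
console.log(findAffected(sampleLock));
```

On a real project, pass the parsed contents of `package-lock.json` to `findAffected` instead of `sampleLock`.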
References
https://nvd.nist.gov/vuln/detail/CVE-2022-25892
galkahana/HummusJS#463
#214
1890fb5
90b278d
https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138
https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320