High severityNVD Advisory· Published Nov 1, 2022· Updated May 6, 2025
Denial of Service (DoS)
CVE-2022-25892
Description
The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
muhammaranpm | < 2.6.1 | 2.6.1 |
muhammaranpm | >= 3.0.0, < 3.1.1 | 3.1.1 |
hummusnpm | < 1.0.111 | 1.0.111 |
Affected products
3- hummus/hummusdescription
- ghsa-coords2 versions
< 1.0.111+ 1 more
- (no CPE)range: < 1.0.111
- (no CPE)range: < 2.6.1
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-9cv5-4wqv-9w94ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-25892ghsaADVISORY
- github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159aghsaWEB
- github.com/galkahana/HummusJS/issues/463ghsaWEB
- github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002ghsaWEB
- github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51ghsaWEB
- github.com/julianhille/MuhammaraJS/issues/214ghsaWEB
- github.com/julianhille/MuhammaraJS/security/advisories/GHSA-f64j-4x74-p42mghsaWEB
- security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138ghsaWEB
- security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320ghsaWEB
News mentions
0No linked articles in our index yet.