VYPR

npm package

hummus

pkg:npm/hummus

Vulnerabilities (4)

  • CVE-2022-41957Nov 28, 2022
    affected >= 0

    Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS) when

  • CVE-2022-39381Nov 2, 2022
    affected < 1.0.111fixed 1.0.111

    Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously cra

  • CVE-2022-25885Nov 1, 2022
    affected >= 1.0.0, < 1.0.111fixed 1.0.111

    The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.

  • CVE-2022-25892Nov 1, 2022
    affected < 1.0.111fixed 1.0.111

    The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.