npm package
muhammara
pkg:npm/muhammara
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-41957 | — | >= 3.0.0, < 3.4.0 | 3.4.0 | Nov 28, 2022 | Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS) when | ||
| CVE-2022-39381 | — | < 2.6.0 | 2.6.0 | Nov 2, 2022 | Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously cra | ||
| CVE-2022-25885 | — | < 2.6.0 | 2.6.0 | Nov 1, 2022 | The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data. | ||
| CVE-2022-25892 | — | < 2.6.1 | 2.6.1 | Nov 1, 2022 | The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. |
- CVE-2022-41957Nov 28, 2022affected >= 3.0.0, < 3.4.0fixed 3.4.0
Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS) when
- CVE-2022-39381Nov 2, 2022affected < 2.6.0fixed 2.6.0
Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously cra
- CVE-2022-25885Nov 1, 2022affected < 2.6.0fixed 2.6.0
The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.
- CVE-2022-25892Nov 1, 2022affected < 2.6.1fixed 2.6.1
The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.