An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1oNjVnLWpmcWctMnc2bc0wtg

Severity: Critical
EPSS: 0.00187% (0.41049 percentile)

Server-Side Request Forgery in calibreweb

Affected package: pypi:calibreweb
Affected versions: < 0.6.17
Fixed version: 0.6.17

Dependent packages: 0
Dependent repositories: 1
Downloads last month: 3,036

Affected Version Ranges

All affected versions

0.6.12, 0.6.13, 0.6.14, 0.6.15, 0.6.16

All unaffected versions

0.6.17, 0.6.18, 0.6.19, 0.6.20, 0.6.21, 0.6.22, 0.6.23, 0.6.24

calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery (SSRF). The SSRF protection is incomplete: it checks the URL supplied by the user but does not re-check the target of an HTTP redirect, so it can be bypassed with a redirect. An attacker-controlled HTTP server that answers with a 302 redirect can send the server's request to localhost.
