Server-Side Request Forgery in calibreweb · CVE-2022-0339 · GitHub Advisory Database · GitHub

Server-Side Request Forgery in calibreweb

Moderate severity GitHub Reviewed Published Feb 1, 2022 to the GitHub Advisory Database • Updated Sep 13, 2024

Package

calibreweb (pip)

Affected versions

< 0.6.16

Patched versions

0.6.16

Description

calibreweb prior to version 0.6.16 contains a Server-Side Request Forgery (SSRF) vulnerability.

References

Published by the National Vulnerability Database

Jan 30, 2022

Reviewed Jan 31, 2022

Published to the GitHub Advisory Database Feb 1, 2022

Last updated Sep 13, 2024

Severity

Moderate

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required None

User interaction Passive

Vulnerable System Impact Metrics

Confidentiality None

Integrity None

Availability None

Subsequent System Impact Metrics

Confidentiality Low

Integrity Low

Availability None

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N