Search

Find a vulnerability

Search criteria

    34 vulnerabilities found for janeczku/calibre-web by janeczku

    CVE-2021-3988 (GCVE-0-2021-3988)

    Vulnerability from nvd – Published: 2024-11-15 10:52 – Updated: 2024-11-20 22:35
    VLAI
    Title
    Cross-site Scripting (XSS) in janeczku/calibre-web
    Summary
    A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization, allowing attackers to execute arbitrary JavaScript code. This can lead to various attacks, including stealing cookies. The issue is present in the code handling the `#btn-upload-cover` change event.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , ≤ latest (custom)
    Create a notification for this product.
    janeczku calibre-web Affected: 0 , < 0.6.15 (custom)
        cpe:2.3:a:janeczku:calibre-web:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:janeczku:calibre-web:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "calibre-web",
                "vendor": "janeczku",
                "versions": [
                  {
                    "lessThan": "0.6.15",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3988",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T22:31:41.647596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T22:35:15.693Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThanOrEqual": "latest",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization, allowing attackers to execute arbitrary JavaScript code. This can lead to various attacks, including stealing cookies. The issue is present in the code handling the `#btn-upload-cover` change event."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T10:57:13.347Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/fa4c8fd1-7846-4dad-9112-2c07461f0609"
            },
            {
              "url": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5"
            }
          ],
          "source": {
            "advisory": "fa4c8fd1-7846-4dad-9112-2c07461f0609",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) in janeczku/calibre-web"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2021-3988",
        "datePublished": "2024-11-15T10:52:39.637Z",
        "dateReserved": "2021-11-20T12:40:59.399Z",
        "dateUpdated": "2024-11-20T22:35:15.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3987 (GCVE-0-2021-3987)

    Vulnerability from nvd – Published: 2024-11-15 10:52 – Updated: 2024-11-15 18:28
    VLAI
    Title
    Improper Access Control in janeczku/calibre-web
    Summary
    An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , ≤ latest (custom)
    Create a notification for this product.
    calibre-web_project calibre-web Affected: 0 , < * (custom)
        cpe:2.3:a:calibre-web_project:calibre-web:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:calibre-web_project:calibre-web:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "calibre-web",
                "vendor": "calibre-web_project",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3987",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T18:27:02.281125Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T18:28:12.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThanOrEqual": "latest",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T10:57:09.048Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/29fcc091-87b6-43bc-ab4b-3c0bec3f71df"
            },
            {
              "url": "https://github.com/janeczku/calibre-web/commit/bcdc97641447965af486964537f3821f47b28874"
            }
          ],
          "source": {
            "advisory": "29fcc091-87b6-43bc-ab4b-3c0bec3f71df",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in janeczku/calibre-web"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2021-3987",
        "datePublished": "2024-11-15T10:52:29.478Z",
        "dateReserved": "2021-11-20T12:01:47.041Z",
        "dateUpdated": "2024-11-15T18:28:12.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3986 (GCVE-0-2021-3986)

    Vulnerability from nvd – Published: 2024-11-15 10:52 – Updated: 2024-11-15 18:31
    VLAI
    Title
    Information Disclosure in janeczku/calibre-web
    Summary
    A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , ≤ latest (custom)
    Create a notification for this product.
    calibre-web_project calibre-web Affected: 0 , < * (custom)
        cpe:2.3:a:calibre-web_project:calibre-web:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:calibre-web_project:calibre-web:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "calibre-web",
                "vendor": "calibre-web_project",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3986",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T18:30:20.257151Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T18:31:36.752Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThanOrEqual": "latest",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T10:57:16.135Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/394af194-61a7-4e33-b373-877d4c766fca"
            },
            {
              "url": "https://github.com/janeczku/calibre-web/commit/6f5390ead5df9779ac81fadefffb476e03f93548"
            }
          ],
          "source": {
            "advisory": "394af194-61a7-4e33-b373-877d4c766fca",
            "discovery": "EXTERNAL"
          },
          "title": "Information Disclosure in janeczku/calibre-web"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2021-3986",
        "datePublished": "2024-11-15T10:52:21.551Z",
        "dateReserved": "2021-11-20T11:08:36.338Z",
        "dateUpdated": "2024-11-15T18:31:36.752Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2106 (GCVE-0-2023-2106)

    Vulnerability from nvd – Published: 2023-04-15 00:00 – Updated: 2025-02-06 15:33
    VLAI
    Title
    Weak Password Requirements in janeczku/calibre-web
    Summary
    Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:12:20.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2106",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T15:32:47.898937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-521",
                    "description": "CWE-521 Weak Password Requirements",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T15:33:47.636Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-15T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
            },
            {
              "url": "https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781"
            }
          ],
          "source": {
            "advisory": "c3d5c647-7557-40a9-aee4-24dc14882781",
            "discovery": "EXTERNAL"
          },
          "title": "Weak Password Requirements in janeczku/calibre-web"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2106",
        "datePublished": "2023-04-15T00:00:00.000Z",
        "dateReserved": "2023-04-15T00:00:00.000Z",
        "dateUpdated": "2025-02-06T15:33:47.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2525 (GCVE-0-2022-2525)

    Vulnerability from nvd – Published: 2023-04-15 00:00 – Updated: 2025-02-06 16:02
    VLAI
    Title
    Improper Restriction of Excessive Authentication Attempts in janeczku/calibre-web
    Summary
    Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:39:07.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2525",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T16:02:14.757050Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-307",
                    "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T16:02:55.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-15T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0"
            },
            {
              "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
            }
          ],
          "source": {
            "advisory": "9ff87820-c14c-4454-9764-406496254ef0",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Restriction of Excessive Authentication Attempts in janeczku/calibre-web"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2525",
        "datePublished": "2023-04-15T00:00:00.000Z",
        "dateReserved": "2022-07-24T00:00:00.000Z",
        "dateUpdated": "2025-02-06T16:02:55.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0990 (GCVE-0-2022-0990)

    Vulnerability from nvd – Published: 2022-04-04 17:50 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.18 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.18",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-04T17:50:17.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5"
            }
          ],
          "source": {
            "advisory": "31649903-c19c-4dae-aee0-a04b095855c5",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0990",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
                },
                {
                  "name": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5"
                }
              ]
            },
            "source": {
              "advisory": "31649903-c19c-4dae-aee0-a04b095855c5",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0990",
        "datePublished": "2022-04-04T17:50:17.000Z",
        "dateReserved": "2022-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0939 (GCVE-0-2022-0939)

    Vulnerability from nvd – Published: 2022-04-04 09:40 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.18 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.285Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.18",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-04T09:40:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
            }
          ],
          "source": {
            "advisory": "768fd7e2-a767-4d8d-a517-e9dda849c6e4",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0939",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
                }
              ]
            },
            "source": {
              "advisory": "768fd7e2-a767-4d8d-a517-e9dda849c6e4",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0939",
        "datePublished": "2022-04-04T09:40:10.000Z",
        "dateReserved": "2022-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0406 (GCVE-0-2022-0406)

    Vulnerability from nvd – Published: 2022-04-03 19:05 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Improper Authorization in janeczku/calibre-web
    Summary
    Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-03T19:05:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706"
            }
          ],
          "source": {
            "advisory": "d7498799-4797-4751-b5e2-b669e729d5db",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Authorization in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0406",
              "STATE": "PUBLIC",
              "TITLE": "Improper Authorization in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706"
                }
              ]
            },
            "source": {
              "advisory": "d7498799-4797-4751-b5e2-b669e729d5db",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0406",
        "datePublished": "2022-04-03T19:05:10.000Z",
        "dateReserved": "2022-01-28T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0405 (GCVE-0-2022-0405)

    Vulnerability from nvd – Published: 2022-04-03 18:30 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Improper Access Control in janeczku/calibre-web
    Summary
    Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.394Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-03T18:30:15.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe"
            }
          ],
          "source": {
            "advisory": "370538f6-5312-4c15-9fc0-b4c36ac236fe",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0405",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
                },
                {
                  "name": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe"
                }
              ]
            },
            "source": {
              "advisory": "370538f6-5312-4c15-9fc0-b4c36ac236fe",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0405",
        "datePublished": "2022-04-03T18:30:15.000Z",
        "dateReserved": "2022-01-28T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0767 (GCVE-0-2022-0767)

    Vulnerability from nvd – Published: 2022-03-07 07:05 – Updated: 2024-08-02 23:40
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.17 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:03.721Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T07:05:11.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
            }
          ],
          "source": {
            "advisory": "b26fc127-9b6a-4be7-a455-58aefbb62d9e",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0767",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
                }
              ]
            },
            "source": {
              "advisory": "b26fc127-9b6a-4be7-a455-58aefbb62d9e",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0767",
        "datePublished": "2022-03-07T07:05:11.000Z",
        "dateReserved": "2022-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:03.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0766 (GCVE-0-2022-0766)

    Vulnerability from nvd – Published: 2022-03-07 07:05 – Updated: 2024-08-02 23:40
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.17 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:03.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T07:05:19.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b"
            }
          ],
          "source": {
            "advisory": "7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0766",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
                },
                {
                  "name": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b"
                }
              ]
            },
            "source": {
              "advisory": "7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0766",
        "datePublished": "2022-03-07T07:05:19.000Z",
        "dateReserved": "2022-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:03.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0339 (GCVE-0-2022-0339)

    Vulnerability from nvd – Published: 2022-01-30 13:17 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-30T13:17:54.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
            }
          ],
          "source": {
            "advisory": "499688c4-6ac4-4047-a868-7922c3eab369",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0339",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
                }
              ]
            },
            "source": {
              "advisory": "499688c4-6ac4-4047-a868-7922c3eab369",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0339",
        "datePublished": "2022-01-30T13:17:54.000Z",
        "dateReserved": "2022-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0273 (GCVE-0-2022-0273)

    Vulnerability from nvd – Published: 2022-01-30 13:21 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Improper Access Control in janeczku/calibre-web
    Summary
    Improper Access Control in Pypi calibreweb prior to 0.6.16.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in Pypi calibreweb prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-30T13:21:51.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf"
            }
          ],
          "source": {
            "advisory": "8f27686f-d698-4ab6-8ef0-899125792f13",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0273",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in Pypi calibreweb prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf"
                }
              ]
            },
            "source": {
              "advisory": "8f27686f-d698-4ab6-8ef0-899125792f13",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0273",
        "datePublished": "2022-01-30T13:21:51.000Z",
        "dateReserved": "2022-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0352 (GCVE-0-2022-0352)

    Vulnerability from nvd – Published: 2022-01-28 21:29 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web
    Summary
    Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-28T21:29:15.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1"
            }
          ],
          "source": {
            "advisory": "a577ff17-2ded-4c41-84ae-6ac02440f717",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0352",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1"
                }
              ]
            },
            "source": {
              "advisory": "a577ff17-2ded-4c41-84ae-6ac02440f717",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0352",
        "datePublished": "2022-01-28T21:29:15.000Z",
        "dateReserved": "2022-01-24T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4164 (GCVE-0-2021-4164)

    Vulnerability from nvd – Published: 2022-01-17 12:35 – Updated: 2024-08-03 17:16
    VLAI
    Title
    Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
    Summary
    calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.257Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-17T12:35:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30"
            }
          ],
          "source": {
            "advisory": "2debace1-a0f3-45c1-95fa-9d0512680758",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-Site Request Forgery (CSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2021-4164",
              "STATE": "PUBLIC",
              "TITLE": "Cross-Site Request Forgery (CSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30"
                }
              ]
            },
            "source": {
              "advisory": "2debace1-a0f3-45c1-95fa-9d0512680758",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2021-4164",
        "datePublished": "2022-01-17T12:35:10.000Z",
        "dateReserved": "2021-12-24T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:04.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3988 (GCVE-0-2021-3988)

    Vulnerability from cvelistv5 – Published: 2024-11-15 10:52 – Updated: 2024-11-20 22:35
    VLAI
    Title
    Cross-site Scripting (XSS) in janeczku/calibre-web
    Summary
    A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization, allowing attackers to execute arbitrary JavaScript code. This can lead to various attacks, including stealing cookies. The issue is present in the code handling the `#btn-upload-cover` change event.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , ≤ latest (custom)
    Create a notification for this product.
    janeczku calibre-web Affected: 0 , < 0.6.15 (custom)
        cpe:2.3:a:janeczku:calibre-web:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:janeczku:calibre-web:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "calibre-web",
                "vendor": "janeczku",
                "versions": [
                  {
                    "lessThan": "0.6.15",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3988",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T22:31:41.647596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T22:35:15.693Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThanOrEqual": "latest",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization, allowing attackers to execute arbitrary JavaScript code. This can lead to various attacks, including stealing cookies. The issue is present in the code handling the `#btn-upload-cover` change event."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T10:57:13.347Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/fa4c8fd1-7846-4dad-9112-2c07461f0609"
            },
            {
              "url": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5"
            }
          ],
          "source": {
            "advisory": "fa4c8fd1-7846-4dad-9112-2c07461f0609",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) in janeczku/calibre-web"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2021-3988",
        "datePublished": "2024-11-15T10:52:39.637Z",
        "dateReserved": "2021-11-20T12:40:59.399Z",
        "dateUpdated": "2024-11-20T22:35:15.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3987 (GCVE-0-2021-3987)

    Vulnerability from cvelistv5 – Published: 2024-11-15 10:52 – Updated: 2024-11-15 18:28
    VLAI
    Title
    Improper Access Control in janeczku/calibre-web
    Summary
    An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , ≤ latest (custom)
    Create a notification for this product.
    calibre-web_project calibre-web Affected: 0 , < * (custom)
        cpe:2.3:a:calibre-web_project:calibre-web:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:calibre-web_project:calibre-web:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "calibre-web",
                "vendor": "calibre-web_project",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3987",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T18:27:02.281125Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T18:28:12.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThanOrEqual": "latest",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T10:57:09.048Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/29fcc091-87b6-43bc-ab4b-3c0bec3f71df"
            },
            {
              "url": "https://github.com/janeczku/calibre-web/commit/bcdc97641447965af486964537f3821f47b28874"
            }
          ],
          "source": {
            "advisory": "29fcc091-87b6-43bc-ab4b-3c0bec3f71df",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in janeczku/calibre-web"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2021-3987",
        "datePublished": "2024-11-15T10:52:29.478Z",
        "dateReserved": "2021-11-20T12:01:47.041Z",
        "dateUpdated": "2024-11-15T18:28:12.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3986 (GCVE-0-2021-3986)

    Vulnerability from cvelistv5 – Published: 2024-11-15 10:52 – Updated: 2024-11-15 18:31
    VLAI
    Title
    Information Disclosure in janeczku/calibre-web
    Summary
    A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , ≤ latest (custom)
    Create a notification for this product.
    calibre-web_project calibre-web Affected: 0 , < * (custom)
        cpe:2.3:a:calibre-web_project:calibre-web:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:calibre-web_project:calibre-web:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "calibre-web",
                "vendor": "calibre-web_project",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3986",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T18:30:20.257151Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T18:31:36.752Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThanOrEqual": "latest",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T10:57:16.135Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntr_ai"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/394af194-61a7-4e33-b373-877d4c766fca"
            },
            {
              "url": "https://github.com/janeczku/calibre-web/commit/6f5390ead5df9779ac81fadefffb476e03f93548"
            }
          ],
          "source": {
            "advisory": "394af194-61a7-4e33-b373-877d4c766fca",
            "discovery": "EXTERNAL"
          },
          "title": "Information Disclosure in janeczku/calibre-web"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntr_ai",
        "cveId": "CVE-2021-3986",
        "datePublished": "2024-11-15T10:52:21.551Z",
        "dateReserved": "2021-11-20T11:08:36.338Z",
        "dateUpdated": "2024-11-15T18:31:36.752Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2525 (GCVE-0-2022-2525)

    Vulnerability from cvelistv5 – Published: 2023-04-15 00:00 – Updated: 2025-02-06 16:02
    VLAI
    Title
    Improper Restriction of Excessive Authentication Attempts in janeczku/calibre-web
    Summary
    Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:39:07.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2525",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T16:02:14.757050Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-307",
                    "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T16:02:55.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-15T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0"
            },
            {
              "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
            }
          ],
          "source": {
            "advisory": "9ff87820-c14c-4454-9764-406496254ef0",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Restriction of Excessive Authentication Attempts in janeczku/calibre-web"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2525",
        "datePublished": "2023-04-15T00:00:00.000Z",
        "dateReserved": "2022-07-24T00:00:00.000Z",
        "dateUpdated": "2025-02-06T16:02:55.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2106 (GCVE-0-2023-2106)

    Vulnerability from cvelistv5 – Published: 2023-04-15 00:00 – Updated: 2025-02-06 15:33
    VLAI
    Title
    Weak Password Requirements in janeczku/calibre-web
    Summary
    Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:12:20.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2106",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T15:32:47.898937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-521",
                    "description": "CWE-521 Weak Password Requirements",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T15:33:47.636Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-15T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
            },
            {
              "url": "https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781"
            }
          ],
          "source": {
            "advisory": "c3d5c647-7557-40a9-aee4-24dc14882781",
            "discovery": "EXTERNAL"
          },
          "title": "Weak Password Requirements in janeczku/calibre-web"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2106",
        "datePublished": "2023-04-15T00:00:00.000Z",
        "dateReserved": "2023-04-15T00:00:00.000Z",
        "dateUpdated": "2025-02-06T15:33:47.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0990 (GCVE-0-2022-0990)

    Vulnerability from cvelistv5 – Published: 2022-04-04 17:50 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.18 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.18",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-04T17:50:17.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5"
            }
          ],
          "source": {
            "advisory": "31649903-c19c-4dae-aee0-a04b095855c5",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0990",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
                },
                {
                  "name": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5"
                }
              ]
            },
            "source": {
              "advisory": "31649903-c19c-4dae-aee0-a04b095855c5",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0990",
        "datePublished": "2022-04-04T17:50:17.000Z",
        "dateReserved": "2022-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0939 (GCVE-0-2022-0939)

    Vulnerability from cvelistv5 – Published: 2022-04-04 09:40 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.18 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.285Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.18",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-04T09:40:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
            }
          ],
          "source": {
            "advisory": "768fd7e2-a767-4d8d-a517-e9dda849c6e4",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0939",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
                }
              ]
            },
            "source": {
              "advisory": "768fd7e2-a767-4d8d-a517-e9dda849c6e4",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0939",
        "datePublished": "2022-04-04T09:40:10.000Z",
        "dateReserved": "2022-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0406 (GCVE-0-2022-0406)

    Vulnerability from cvelistv5 – Published: 2022-04-03 19:05 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Improper Authorization in janeczku/calibre-web
    Summary
    Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-03T19:05:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706"
            }
          ],
          "source": {
            "advisory": "d7498799-4797-4751-b5e2-b669e729d5db",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Authorization in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0406",
              "STATE": "PUBLIC",
              "TITLE": "Improper Authorization in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706"
                }
              ]
            },
            "source": {
              "advisory": "d7498799-4797-4751-b5e2-b669e729d5db",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0406",
        "datePublished": "2022-04-03T19:05:10.000Z",
        "dateReserved": "2022-01-28T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0405 (GCVE-0-2022-0405)

    Vulnerability from cvelistv5 – Published: 2022-04-03 18:30 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Improper Access Control in janeczku/calibre-web
    Summary
    Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.394Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-03T18:30:15.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe"
            }
          ],
          "source": {
            "advisory": "370538f6-5312-4c15-9fc0-b4c36ac236fe",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0405",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
                },
                {
                  "name": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe"
                }
              ]
            },
            "source": {
              "advisory": "370538f6-5312-4c15-9fc0-b4c36ac236fe",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0405",
        "datePublished": "2022-04-03T18:30:15.000Z",
        "dateReserved": "2022-01-28T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0766 (GCVE-0-2022-0766)

    Vulnerability from cvelistv5 – Published: 2022-03-07 07:05 – Updated: 2024-08-02 23:40
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.17 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:03.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T07:05:19.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b"
            }
          ],
          "source": {
            "advisory": "7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0766",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
                },
                {
                  "name": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b"
                }
              ]
            },
            "source": {
              "advisory": "7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0766",
        "datePublished": "2022-03-07T07:05:19.000Z",
        "dateReserved": "2022-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:03.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0767 (GCVE-0-2022-0767)

    Vulnerability from cvelistv5 – Published: 2022-03-07 07:05 – Updated: 2024-08-02 23:40
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.17 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:03.721Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T07:05:11.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
            }
          ],
          "source": {
            "advisory": "b26fc127-9b6a-4be7-a455-58aefbb62d9e",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0767",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
                }
              ]
            },
            "source": {
              "advisory": "b26fc127-9b6a-4be7-a455-58aefbb62d9e",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0767",
        "datePublished": "2022-03-07T07:05:11.000Z",
        "dateReserved": "2022-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:03.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0273 (GCVE-0-2022-0273)

    Vulnerability from cvelistv5 – Published: 2022-01-30 13:21 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Improper Access Control in janeczku/calibre-web
    Summary
    Improper Access Control in Pypi calibreweb prior to 0.6.16.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in Pypi calibreweb prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-30T13:21:51.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf"
            }
          ],
          "source": {
            "advisory": "8f27686f-d698-4ab6-8ef0-899125792f13",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0273",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in Pypi calibreweb prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf"
                }
              ]
            },
            "source": {
              "advisory": "8f27686f-d698-4ab6-8ef0-899125792f13",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0273",
        "datePublished": "2022-01-30T13:21:51.000Z",
        "dateReserved": "2022-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0339 (GCVE-0-2022-0339)

    Vulnerability from cvelistv5 – Published: 2022-01-30 13:17 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-30T13:17:54.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
            }
          ],
          "source": {
            "advisory": "499688c4-6ac4-4047-a868-7922c3eab369",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0339",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
                }
              ]
            },
            "source": {
              "advisory": "499688c4-6ac4-4047-a868-7922c3eab369",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0339",
        "datePublished": "2022-01-30T13:17:54.000Z",
        "dateReserved": "2022-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0352 (GCVE-0-2022-0352)

    Vulnerability from cvelistv5 – Published: 2022-01-28 21:29 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web
    Summary
    Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-28T21:29:15.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1"
            }
          ],
          "source": {
            "advisory": "a577ff17-2ded-4c41-84ae-6ac02440f717",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0352",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1"
                }
              ]
            },
            "source": {
              "advisory": "a577ff17-2ded-4c41-84ae-6ac02440f717",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0352",
        "datePublished": "2022-01-28T21:29:15.000Z",
        "dateReserved": "2022-01-24T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4164 (GCVE-0-2021-4164)

    Vulnerability from cvelistv5 – Published: 2022-01-17 12:35 – Updated: 2024-08-03 17:16
    VLAI
    Title
    Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
    Summary
    calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.257Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-17T12:35:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30"
            }
          ],
          "source": {
            "advisory": "2debace1-a0f3-45c1-95fa-9d0512680758",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-Site Request Forgery (CSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2021-4164",
              "STATE": "PUBLIC",
              "TITLE": "Cross-Site Request Forgery (CSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30"
                }
              ]
            },
            "source": {
              "advisory": "2debace1-a0f3-45c1-95fa-9d0512680758",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2021-4164",
        "datePublished": "2022-01-17T12:35:10.000Z",
        "dateReserved": "2021-12-24T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:04.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }