Lucene search
MitreCVE-2023-46303HistoryOct 22, 2023 - 6:15 p.m.
CVE-2023-46303
2023-10-2218:15:08
CWE-918
mitre
web.nvd.nist.gov
26
calibre
cve-2023-46303
security
nvd
ebooks
conversion
plugins
html_input
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
22.5%
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
Affected configurations
Node
calibre-ebookcalibreRange<6.19.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| calibre-ebook | calibre | * | cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2023-10-22 18:15:00
ubuntucve
ubuntucve
CVE-2023-46303
2023-10-22 00:00:00
osv
osv
CVE-2023-46303
2023-10-22 18:15:08
calibre - security update
2024-09-02 00:00:00
cvelist
cvelist
CVE-2023-46303
2023-10-22 00:00:00
nvd
nvd
CVE-2023-46303
2023-10-22 18:15:08
debiancve
debiancve
CVE-2023-46303
2023-10-22 18:15:08
veracode
veracode
Improper Authorization
2023-10-27 07:09:15
vulnrichment
vulnrichment
CVE-2023-46303
2023-10-22 00:00:00
nessus
nessus
Debian dla-3862 : calibre - security update
2024-09-02 00:00:00
GLSA-202409-04 : calibre: Multiple Vulnerabilities
2024-09-22 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3862-1)
2024-09-03 00:00:00
gentoo
gentoo
calibre: Multiple Vulnerabilities
2024-09-22 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
22.5%
Related for CVE-2023-46303