3 matches found
CVE-2021-3987
creationtimestamp| type| source ---|---|--- 2024-11-15 11:09:17+00:00| seen| https://infosec.exchange/users/cve/statuses/113486656767538877 2024-11-15 13:15:49+00:00| seen| https://t.me/cvedetector/11070...
CVE-2021-3987 Improper Access Control in janeczku/calibre-web
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the createshelf method in shelf.py not verifying if the user has the necessary permissions to create a...
CVE-2021-3987
CVE-2021-3987 (janeczku/calibre-web) is an improper access control flaw where the public shelf creation path (shelf.py: create_shelf) does not verify user permissions, allowing low-privilege users to create public shelves and perform unauthorized actions. Public disclosures in multiple feeds corr...