5 matches found
PYSEC-2026-304 Server-Side Request Forgery in calibreweb
calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery SSRF. This is due to an incomplete fix for CVE-2022-0339. The blacklist does not check for 0.0.0.0, which would result in a payload of 0.0.0.0 resolving to localhost...
GHSA-2647-C639-QV2J Server-Side Request Forgery in calibreweb
calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery SSRF. This is due to an incomplete fix for CVE-2022-0339. The blacklist does not check for 0.0.0.0, which would result in a payload of 0.0.0.0 resolving to localhost...
CVE-2022-0339
creationtimestamp| type| source ---|---|--- 2022-02-28 07:25:18+00:00| seen| https://t.me/cibsecurity/36568...
CVE-2022-0339
CVE-2022-0339 is a Server-Side Request Forgery (SSRF) flaw affecting calibreweb. The connected sources indicate calibreweb prior to version 0.6.16 is vulnerable, with references noting an incomplete fix for the CVE and a blacklist weakness (0.0.0.0) that could resolve to localhost. Several adviso...
CVE-2022-0339 Server-Side Request Forgery (SSRF) in janeczku/calibre-web
Server-Side Request Forgery SSRF in Pypi calibreweb prior to 0.6.16...