5 matches found
CVE-2022-0767
Server-Side Request Forgery SSRF in GitHub repository janeczku/calibre-web prior to 0.6.17...
Server-Side Request Forgery (SSRF)
Description The fixes for CVE-2022-0767 & CVE-2022-0766 only address loopback/localhost IP addresses, this is an issue as other internal endpoints may be accessible to an attacker one of the most popular examples is 169.254.169.254 which is the AWS metadata address Proof of Concept The same as...
CVE-2022-0767 Server-Side Request Forgery (SSRF) in janeczku/calibre-web
Server-Side Request Forgery SSRF in GitHub repository janeczku/calibre-web prior to 0.6.17...
CVE-2022-0767
The CVE-2022-0767 entry describes a Server-Side Request Forgery (SSRF) in janeczku/calibre-web, prior to version 0.6.17. Connected sources indicate the root cause is incomplete SSRF protection that can be bypassed via HTTP redirects to internal endpoints (e.g., localhost); some analyses also note...
CVE-2022-0767 Server-Side Request Forgery (SSRF) in janeczku/calibre-web
Server-Side Request Forgery SSRF in GitHub repository janeczku/calibre-web prior to 0.6.17...