6 matches found
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they d...
GHSA-M982-H4F8-G4HF Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they d...
CVE-2021-3986
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they d...
Calibre-Web Access Control Error Vulnerability
Calibre-Web is a web application, developed by individual developer Jan B, for browsing, reading, and downloading eBooks from the Calibre database. An access control error vulnerability exists in Calibre-Web that stems from the createshelf method in shelf.py not verifying that a user has the required...
Authorization Bypass
calibreweb is vulnerable to authorization bypass. The vulnerability exists in the createeditshelf function in shelf.py because the server doesn't properly validate user permissions, which allows an attacker to create and modify public and private shelves...
Privilege Escalation
calibreweb is vulnerable to privilege escalation. The vulnerability exists due to the lack of permission checks in the createeditshelf function of shelf.py, allowing an attacker to create a public shelf without having permission...