5 matches found
GHSA-2647-C639-QV2J Server-Side Request Forgery in calibreweb
calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery (SSRF). This is due to an incomplete fix for CVE-2022-0339. The blacklist does not check for 0.0.0.0, which would result in a payload of 0.0.0.0 resolving to localhost...
CVE-2022-0767
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17...
CVE-2022-0766
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17...
PT-2012-3956 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 0.6.17; Node.js versions prior to 0.7.8. Description: The issue allows remote attackers to obtain sensitive information, such as request header contents, and possibly spoof HTTP headers via a zero-length string. This i...
HTTP Server Security Vulnerability: Please upgrade to 0.6.17
tl;dr: A carefully crafted attack request can cause the contents of the HTTP parser's buffer to be appended to the attacking request's header, making it appear to come from the attacker. Since it is generally safe to echo back contents o...