Veracode Vulnerability Database, VERACODE:33972
History: Jan 31, 2022 - 9:39 p.m.

Server-Side Request Forgery (SSRF)

2022-01-31 21:39:17
sca.analysiscenter.veracode.com
10
Tags: calibreweb vulnerability, ssrf, _delete_user function, admin.py, localhost url, book cover

EPSS: 0.003 (percentile: 66.1%)

calibreweb is vulnerable to server-side request forgery (SSRF). The vulnerability exists in the _delete_user function of admin.py due to a lack of validation, which allows an attacker to fetch a localhost URL and upload a book cover.

Affected configurations

Vulners
Node: calibreweb, Range: 0.6.15

Vendor | Product    | Version | CPE
*      | calibreweb | *       | cpe:2.3:a:*:calibreweb:*:*:*:*:*:*:*:*

