Veracode Vulnerability DatabaseVERACODE:34573Server-Side Request Forgery (SSRF)
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
calibreweb is vulnerable to server-side request forgery. The vulnerability exists in the save_cover_from_url function in helper.py because the default redirections have not been addressed, allowing an attacker to bypass the URL redirection validation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| calibreweb | le | 0.6.16 | |
| calibreweb | le | 0.6.16 |
References
github.com/advisories/GHSA-h65g-jfqg-2w6m
github.com/janeczku/calibre-web/blob/8007e450b3178f517b83b0989744c6df38867932/cps/helper.py#L740
github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8
huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e
huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e/
Related
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P