Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    36 vulnerabilities by calibre-web_project

    CVE-2023-2106 (GCVE-0-2023-2106)

    Vulnerability from nvd – Published: 2023-04-15 00:00 – Updated: 2025-02-06 15:33
    VLAI
    Title
    Weak Password Requirements in janeczku/calibre-web
    Summary
    Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:12:20.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2106",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T15:32:47.898937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-521",
                    "description": "CWE-521 Weak Password Requirements",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T15:33:47.636Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-15T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
            },
            {
              "url": "https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781"
            }
          ],
          "source": {
            "advisory": "c3d5c647-7557-40a9-aee4-24dc14882781",
            "discovery": "EXTERNAL"
          },
          "title": "Weak Password Requirements in janeczku/calibre-web"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2106",
        "datePublished": "2023-04-15T00:00:00.000Z",
        "dateReserved": "2023-04-15T00:00:00.000Z",
        "dateUpdated": "2025-02-06T15:33:47.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2525 (GCVE-0-2022-2525)

    Vulnerability from nvd – Published: 2023-04-15 00:00 – Updated: 2025-02-06 16:02
    VLAI
    Title
    Improper Restriction of Excessive Authentication Attempts in janeczku/calibre-web
    Summary
    Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:39:07.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2525",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T16:02:14.757050Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-307",
                    "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T16:02:55.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-15T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0"
            },
            {
              "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
            }
          ],
          "source": {
            "advisory": "9ff87820-c14c-4454-9764-406496254ef0",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Restriction of Excessive Authentication Attempts in janeczku/calibre-web"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2525",
        "datePublished": "2023-04-15T00:00:00.000Z",
        "dateReserved": "2022-07-24T00:00:00.000Z",
        "dateUpdated": "2025-02-06T16:02:55.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30765 (GCVE-0-2022-30765)

    Vulnerability from nvd – Published: 2022-05-16 01:50 – Updated: 2024-08-03 06:56
    VLAI
    Summary
    Calibre-Web before 0.6.18 allows user table SQL Injection.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:56:14.094Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/blob/master/SECURITY.md"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/releases/tag/0.6.18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Calibre-Web before 0.6.18 allows user table SQL Injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T01:50:53.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/blob/master/SECURITY.md"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/releases/tag/0.6.18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-30765",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Calibre-Web before 0.6.18 allows user table SQL Injection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/janeczku/calibre-web/blob/master/SECURITY.md",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/blob/master/SECURITY.md"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/releases/tag/0.6.18",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/releases/tag/0.6.18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-30765",
        "datePublished": "2022-05-16T01:50:53.000Z",
        "dateReserved": "2022-05-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:56:14.094Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0990 (GCVE-0-2022-0990)

    Vulnerability from nvd – Published: 2022-04-04 17:50 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.18 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.18",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-04T17:50:17.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5"
            }
          ],
          "source": {
            "advisory": "31649903-c19c-4dae-aee0-a04b095855c5",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0990",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
                },
                {
                  "name": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5"
                }
              ]
            },
            "source": {
              "advisory": "31649903-c19c-4dae-aee0-a04b095855c5",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0990",
        "datePublished": "2022-04-04T17:50:17.000Z",
        "dateReserved": "2022-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0939 (GCVE-0-2022-0939)

    Vulnerability from nvd – Published: 2022-04-04 09:40 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.18 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.285Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.18",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-04T09:40:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
            }
          ],
          "source": {
            "advisory": "768fd7e2-a767-4d8d-a517-e9dda849c6e4",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0939",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
                }
              ]
            },
            "source": {
              "advisory": "768fd7e2-a767-4d8d-a517-e9dda849c6e4",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0939",
        "datePublished": "2022-04-04T09:40:10.000Z",
        "dateReserved": "2022-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0406 (GCVE-0-2022-0406)

    Vulnerability from nvd – Published: 2022-04-03 19:05 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Improper Authorization in janeczku/calibre-web
    Summary
    Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-03T19:05:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706"
            }
          ],
          "source": {
            "advisory": "d7498799-4797-4751-b5e2-b669e729d5db",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Authorization in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0406",
              "STATE": "PUBLIC",
              "TITLE": "Improper Authorization in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706"
                }
              ]
            },
            "source": {
              "advisory": "d7498799-4797-4751-b5e2-b669e729d5db",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0406",
        "datePublished": "2022-04-03T19:05:10.000Z",
        "dateReserved": "2022-01-28T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0405 (GCVE-0-2022-0405)

    Vulnerability from nvd – Published: 2022-04-03 18:30 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Improper Access Control in janeczku/calibre-web
    Summary
    Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.394Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-03T18:30:15.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe"
            }
          ],
          "source": {
            "advisory": "370538f6-5312-4c15-9fc0-b4c36ac236fe",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0405",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
                },
                {
                  "name": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe"
                }
              ]
            },
            "source": {
              "advisory": "370538f6-5312-4c15-9fc0-b4c36ac236fe",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0405",
        "datePublished": "2022-04-03T18:30:15.000Z",
        "dateReserved": "2022-01-28T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0767 (GCVE-0-2022-0767)

    Vulnerability from nvd – Published: 2022-03-07 07:05 – Updated: 2024-08-02 23:40
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.17 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:03.721Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T07:05:11.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
            }
          ],
          "source": {
            "advisory": "b26fc127-9b6a-4be7-a455-58aefbb62d9e",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0767",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
                }
              ]
            },
            "source": {
              "advisory": "b26fc127-9b6a-4be7-a455-58aefbb62d9e",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0767",
        "datePublished": "2022-03-07T07:05:11.000Z",
        "dateReserved": "2022-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:03.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0766 (GCVE-0-2022-0766)

    Vulnerability from nvd – Published: 2022-03-07 07:05 – Updated: 2024-08-02 23:40
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.17 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:03.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T07:05:19.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b"
            }
          ],
          "source": {
            "advisory": "7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0766",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
                },
                {
                  "name": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b"
                }
              ]
            },
            "source": {
              "advisory": "7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0766",
        "datePublished": "2022-03-07T07:05:19.000Z",
        "dateReserved": "2022-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:03.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0339 (GCVE-0-2022-0339)

    Vulnerability from nvd – Published: 2022-01-30 13:17 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-30T13:17:54.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
            }
          ],
          "source": {
            "advisory": "499688c4-6ac4-4047-a868-7922c3eab369",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0339",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
                }
              ]
            },
            "source": {
              "advisory": "499688c4-6ac4-4047-a868-7922c3eab369",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0339",
        "datePublished": "2022-01-30T13:17:54.000Z",
        "dateReserved": "2022-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0273 (GCVE-0-2022-0273)

    Vulnerability from nvd – Published: 2022-01-30 13:21 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Improper Access Control in janeczku/calibre-web
    Summary
    Improper Access Control in Pypi calibreweb prior to 0.6.16.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in Pypi calibreweb prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-30T13:21:51.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf"
            }
          ],
          "source": {
            "advisory": "8f27686f-d698-4ab6-8ef0-899125792f13",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0273",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in Pypi calibreweb prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf"
                }
              ]
            },
            "source": {
              "advisory": "8f27686f-d698-4ab6-8ef0-899125792f13",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0273",
        "datePublished": "2022-01-30T13:21:51.000Z",
        "dateReserved": "2022-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0352 (GCVE-0-2022-0352)

    Vulnerability from nvd – Published: 2022-01-28 21:29 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web
    Summary
    Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-28T21:29:15.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1"
            }
          ],
          "source": {
            "advisory": "a577ff17-2ded-4c41-84ae-6ac02440f717",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0352",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1"
                }
              ]
            },
            "source": {
              "advisory": "a577ff17-2ded-4c41-84ae-6ac02440f717",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0352",
        "datePublished": "2022-01-28T21:29:15.000Z",
        "dateReserved": "2022-01-24T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4164 (GCVE-0-2021-4164)

    Vulnerability from nvd – Published: 2022-01-17 12:35 – Updated: 2024-08-03 17:16
    VLAI
    Title
    Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
    Summary
    calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.257Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-17T12:35:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30"
            }
          ],
          "source": {
            "advisory": "2debace1-a0f3-45c1-95fa-9d0512680758",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-Site Request Forgery (CSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2021-4164",
              "STATE": "PUBLIC",
              "TITLE": "Cross-Site Request Forgery (CSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30"
                }
              ]
            },
            "source": {
              "advisory": "2debace1-a0f3-45c1-95fa-9d0512680758",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2021-4164",
        "datePublished": "2022-01-17T12:35:10.000Z",
        "dateReserved": "2021-12-24T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:04.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4171 (GCVE-0-2021-4171)

    Vulnerability from nvd – Published: 2022-01-17 09:45 – Updated: 2024-08-03 17:16
    VLAI
    Title
    Business Logic Errors in janeczku/calibre-web
    Summary
    calibre-web is vulnerable to Business Logic Errors
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.253Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/1117f439-133c-4563-afb2-6cd80607bd5c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/3e0d8763c377d2146462811e3e4ccf13f0d312ce"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "calibre-web is vulnerable to Business Logic Errors"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-840",
                  "description": "CWE-840 Business Logic Errors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-17T09:45:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/1117f439-133c-4563-afb2-6cd80607bd5c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/3e0d8763c377d2146462811e3e4ccf13f0d312ce"
            }
          ],
          "source": {
            "advisory": "1117f439-133c-4563-afb2-6cd80607bd5c",
            "discovery": "EXTERNAL"
          },
          "title": "Business Logic Errors in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2021-4171",
              "STATE": "PUBLIC",
              "TITLE": "Business Logic Errors in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "calibre-web is vulnerable to Business Logic Errors"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-840 Business Logic Errors"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/1117f439-133c-4563-afb2-6cd80607bd5c",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/1117f439-133c-4563-afb2-6cd80607bd5c"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/3e0d8763c377d2146462811e3e4ccf13f0d312ce",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/3e0d8763c377d2146462811e3e4ccf13f0d312ce"
                }
              ]
            },
            "source": {
              "advisory": "1117f439-133c-4563-afb2-6cd80607bd5c",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2021-4171",
        "datePublished": "2022-01-17T09:45:10.000Z",
        "dateReserved": "2021-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:04.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4170 (GCVE-0-2021-4170)

    Vulnerability from nvd – Published: 2022-01-16 20:55 – Updated: 2024-08-03 17:16
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in janeczku/calibre-web
    Summary
    calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.234Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/ff395101-e392-401d-ab4f-579c63fbf6a0"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-16T20:55:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/ff395101-e392-401d-ab4f-579c63fbf6a0"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5"
            }
          ],
          "source": {
            "advisory": "ff395101-e392-401d-ab4f-579c63fbf6a0",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2021-4170",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - Stored in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/ff395101-e392-401d-ab4f-579c63fbf6a0",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/ff395101-e392-401d-ab4f-579c63fbf6a0"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5"
                }
              ]
            },
            "source": {
              "advisory": "ff395101-e392-401d-ab4f-579c63fbf6a0",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2021-4170",
        "datePublished": "2022-01-16T20:55:10.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:04.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2525 (GCVE-0-2022-2525)

    Vulnerability from cvelistv5 – Published: 2023-04-15 00:00 – Updated: 2025-02-06 16:02
    VLAI
    Title
    Improper Restriction of Excessive Authentication Attempts in janeczku/calibre-web
    Summary
    Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:39:07.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2525",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T16:02:14.757050Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-307",
                    "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T16:02:55.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-15T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0"
            },
            {
              "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
            }
          ],
          "source": {
            "advisory": "9ff87820-c14c-4454-9764-406496254ef0",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Restriction of Excessive Authentication Attempts in janeczku/calibre-web"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2525",
        "datePublished": "2023-04-15T00:00:00.000Z",
        "dateReserved": "2022-07-24T00:00:00.000Z",
        "dateUpdated": "2025-02-06T16:02:55.497Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2106 (GCVE-0-2023-2106)

    Vulnerability from cvelistv5 – Published: 2023-04-15 00:00 – Updated: 2025-02-06 15:33
    VLAI
    Title
    Weak Password Requirements in janeczku/calibre-web
    Summary
    Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:12:20.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2106",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T15:32:47.898937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-521",
                    "description": "CWE-521 Weak Password Requirements",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T15:33:47.636Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-15T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://github.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e"
            },
            {
              "url": "https://huntr.dev/bounties/c3d5c647-7557-40a9-aee4-24dc14882781"
            }
          ],
          "source": {
            "advisory": "c3d5c647-7557-40a9-aee4-24dc14882781",
            "discovery": "EXTERNAL"
          },
          "title": "Weak Password Requirements in janeczku/calibre-web"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-2106",
        "datePublished": "2023-04-15T00:00:00.000Z",
        "dateReserved": "2023-04-15T00:00:00.000Z",
        "dateUpdated": "2025-02-06T15:33:47.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30765 (GCVE-0-2022-30765)

    Vulnerability from cvelistv5 – Published: 2022-05-16 01:50 – Updated: 2024-08-03 06:56
    VLAI
    Summary
    Calibre-Web before 0.6.18 allows user table SQL Injection.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:56:14.094Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/blob/master/SECURITY.md"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/releases/tag/0.6.18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Calibre-Web before 0.6.18 allows user table SQL Injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T01:50:53.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/blob/master/SECURITY.md"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/releases/tag/0.6.18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-30765",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Calibre-Web before 0.6.18 allows user table SQL Injection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/janeczku/calibre-web/blob/master/SECURITY.md",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/blob/master/SECURITY.md"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/releases/tag/0.6.18",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/releases/tag/0.6.18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-30765",
        "datePublished": "2022-05-16T01:50:53.000Z",
        "dateReserved": "2022-05-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:56:14.094Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0990 (GCVE-0-2022-0990)

    Vulnerability from cvelistv5 – Published: 2022-04-04 17:50 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.18 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.18",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-04T17:50:17.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5"
            }
          ],
          "source": {
            "advisory": "31649903-c19c-4dae-aee0-a04b095855c5",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0990",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
                },
                {
                  "name": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/31649903-c19c-4dae-aee0-a04b095855c5"
                }
              ]
            },
            "source": {
              "advisory": "31649903-c19c-4dae-aee0-a04b095855c5",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0990",
        "datePublished": "2022-04-04T17:50:17.000Z",
        "dateReserved": "2022-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0939 (GCVE-0-2022-0939)

    Vulnerability from cvelistv5 – Published: 2022-04-04 09:40 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.18 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:43.285Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.18",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-04T09:40:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
            }
          ],
          "source": {
            "advisory": "768fd7e2-a767-4d8d-a517-e9dda849c6e4",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0939",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/768fd7e2-a767-4d8d-a517-e9dda849c6e4"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/4545f4a20d9ff90b99bbd4e3e34b6de4441d6367"
                }
              ]
            },
            "source": {
              "advisory": "768fd7e2-a767-4d8d-a517-e9dda849c6e4",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0939",
        "datePublished": "2022-04-04T09:40:10.000Z",
        "dateReserved": "2022-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:43.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0406 (GCVE-0-2022-0406)

    Vulnerability from cvelistv5 – Published: 2022-04-03 19:05 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Improper Authorization in janeczku/calibre-web
    Summary
    Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-03T19:05:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706"
            }
          ],
          "source": {
            "advisory": "d7498799-4797-4751-b5e2-b669e729d5db",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Authorization in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0406",
              "STATE": "PUBLIC",
              "TITLE": "Improper Authorization in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/d7498799-4797-4751-b5e2-b669e729d5db"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/e0e04220109920575179a8f924543449c6de0706"
                }
              ]
            },
            "source": {
              "advisory": "d7498799-4797-4751-b5e2-b669e729d5db",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0406",
        "datePublished": "2022-04-03T19:05:10.000Z",
        "dateReserved": "2022-01-28T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0405 (GCVE-0-2022-0405)

    Vulnerability from cvelistv5 – Published: 2022-04-03 18:30 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Improper Access Control in janeczku/calibre-web
    Summary
    Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.394Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-03T18:30:15.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe"
            }
          ],
          "source": {
            "advisory": "370538f6-5312-4c15-9fc0-b4c36ac236fe",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0405",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
                },
                {
                  "name": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe"
                }
              ]
            },
            "source": {
              "advisory": "370538f6-5312-4c15-9fc0-b4c36ac236fe",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0405",
        "datePublished": "2022-04-03T18:30:15.000Z",
        "dateReserved": "2022-01-28T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0766 (GCVE-0-2022-0766)

    Vulnerability from cvelistv5 – Published: 2022-03-07 07:05 – Updated: 2024-08-02 23:40
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.17 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:03.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T07:05:19.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b"
            }
          ],
          "source": {
            "advisory": "7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0766",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
                },
                {
                  "name": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b"
                }
              ]
            },
            "source": {
              "advisory": "7f2a5bb4-e6c7-4b6a-b8eb-face9e3add7b",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0766",
        "datePublished": "2022-03-07T07:05:19.000Z",
        "dateReserved": "2022-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:03.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0767 (GCVE-0-2022-0767)

    Vulnerability from cvelistv5 – Published: 2022-03-07 07:05 – Updated: 2024-08-02 23:40
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.17 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:03.721Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-07T07:05:11.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
            }
          ],
          "source": {
            "advisory": "b26fc127-9b6a-4be7-a455-58aefbb62d9e",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0767",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137d04b0b8"
                }
              ]
            },
            "source": {
              "advisory": "b26fc127-9b6a-4be7-a455-58aefbb62d9e",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0767",
        "datePublished": "2022-03-07T07:05:11.000Z",
        "dateReserved": "2022-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:03.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0273 (GCVE-0-2022-0273)

    Vulnerability from cvelistv5 – Published: 2022-01-30 13:21 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Improper Access Control in janeczku/calibre-web
    Summary
    Improper Access Control in Pypi calibreweb prior to 0.6.16.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in Pypi calibreweb prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-30T13:21:51.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf"
            }
          ],
          "source": {
            "advisory": "8f27686f-d698-4ab6-8ef0-899125792f13",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0273",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in Pypi calibreweb prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/8f27686f-d698-4ab6-8ef0-899125792f13"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/0c0313f375bed7b035c8c0482bbb09599e16bfcf"
                }
              ]
            },
            "source": {
              "advisory": "8f27686f-d698-4ab6-8ef0-899125792f13",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0273",
        "datePublished": "2022-01-30T13:21:51.000Z",
        "dateReserved": "2022-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0339 (GCVE-0-2022-0339)

    Vulnerability from cvelistv5 – Published: 2022-01-30 13:17 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in janeczku/calibre-web
    Summary
    Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-30T13:17:54.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
            }
          ],
          "source": {
            "advisory": "499688c4-6ac4-4047-a868-7922c3eab369",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0339",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/499688c4-6ac4-4047-a868-7922c3eab369"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92"
                }
              ]
            },
            "source": {
              "advisory": "499688c4-6ac4-4047-a868-7922c3eab369",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0339",
        "datePublished": "2022-01-30T13:17:54.000Z",
        "dateReserved": "2022-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0352 (GCVE-0-2022-0352)

    Vulnerability from cvelistv5 – Published: 2022-01-28 21:29 – Updated: 2024-08-02 23:25
    VLAI
    Title
    Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web
    Summary
    Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-28T21:29:15.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1"
            }
          ],
          "source": {
            "advisory": "a577ff17-2ded-4c41-84ae-6ac02440f717",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0352",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.16"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/a577ff17-2ded-4c41-84ae-6ac02440f717"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/6bf07539788004513c3692c074ebc7ba4ce005e1"
                }
              ]
            },
            "source": {
              "advisory": "a577ff17-2ded-4c41-84ae-6ac02440f717",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0352",
        "datePublished": "2022-01-28T21:29:15.000Z",
        "dateReserved": "2022-01-24T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:25:40.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4164 (GCVE-0-2021-4164)

    Vulnerability from cvelistv5 – Published: 2022-01-17 12:35 – Updated: 2024-08-03 17:16
    VLAI
    Title
    Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
    Summary
    calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.257Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-17T12:35:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30"
            }
          ],
          "source": {
            "advisory": "2debace1-a0f3-45c1-95fa-9d0512680758",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-Site Request Forgery (CSRF) in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2021-4164",
              "STATE": "PUBLIC",
              "TITLE": "Cross-Site Request Forgery (CSRF) in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/2debace1-a0f3-45c1-95fa-9d0512680758"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/785726deee13b4d56f6c3503dd57c1e3eb7d6f30"
                }
              ]
            },
            "source": {
              "advisory": "2debace1-a0f3-45c1-95fa-9d0512680758",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2021-4164",
        "datePublished": "2022-01-17T12:35:10.000Z",
        "dateReserved": "2021-12-24T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:04.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4171 (GCVE-0-2021-4171)

    Vulnerability from cvelistv5 – Published: 2022-01-17 09:45 – Updated: 2024-08-03 17:16
    VLAI
    Title
    Business Logic Errors in janeczku/calibre-web
    Summary
    calibre-web is vulnerable to Business Logic Errors
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.253Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/1117f439-133c-4563-afb2-6cd80607bd5c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/3e0d8763c377d2146462811e3e4ccf13f0d312ce"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "calibre-web is vulnerable to Business Logic Errors"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-840",
                  "description": "CWE-840 Business Logic Errors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-17T09:45:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/1117f439-133c-4563-afb2-6cd80607bd5c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/3e0d8763c377d2146462811e3e4ccf13f0d312ce"
            }
          ],
          "source": {
            "advisory": "1117f439-133c-4563-afb2-6cd80607bd5c",
            "discovery": "EXTERNAL"
          },
          "title": "Business Logic Errors in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2021-4171",
              "STATE": "PUBLIC",
              "TITLE": "Business Logic Errors in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "calibre-web is vulnerable to Business Logic Errors"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-840 Business Logic Errors"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/1117f439-133c-4563-afb2-6cd80607bd5c",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/1117f439-133c-4563-afb2-6cd80607bd5c"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/3e0d8763c377d2146462811e3e4ccf13f0d312ce",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/3e0d8763c377d2146462811e3e4ccf13f0d312ce"
                }
              ]
            },
            "source": {
              "advisory": "1117f439-133c-4563-afb2-6cd80607bd5c",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2021-4171",
        "datePublished": "2022-01-17T09:45:10.000Z",
        "dateReserved": "2021-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:04.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4170 (GCVE-0-2021-4170)

    Vulnerability from cvelistv5 – Published: 2022-01-16 20:55 – Updated: 2024-08-03 17:16
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in janeczku/calibre-web
    Summary
    calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    janeczku janeczku/calibre-web Affected: unspecified , < 0.6.15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.234Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/ff395101-e392-401d-ab4f-579c63fbf6a0"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "janeczku/calibre-web",
              "vendor": "janeczku",
              "versions": [
                {
                  "lessThan": "0.6.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-16T20:55:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/ff395101-e392-401d-ab4f-579c63fbf6a0"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5"
            }
          ],
          "source": {
            "advisory": "ff395101-e392-401d-ab4f-579c63fbf6a0",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in janeczku/calibre-web",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2021-4170",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - Stored in janeczku/calibre-web"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "janeczku/calibre-web",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.6.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "janeczku"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/ff395101-e392-401d-ab4f-579c63fbf6a0",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/ff395101-e392-401d-ab4f-579c63fbf6a0"
                },
                {
                  "name": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5",
                  "refsource": "MISC",
                  "url": "https://github.com/janeczku/calibre-web/commit/7ad419dc8c12180e842a82118f4866ac3d074bc5"
                }
              ]
            },
            "source": {
              "advisory": "ff395101-e392-401d-ab4f-579c63fbf6a0",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2021-4170",
        "datePublished": "2022-01-16T20:55:10.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:16:04.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }