Lucene search
GoogleOSV:GHSA-2647-C639-QV2JHistoryMar 08, 2022 - 12:00 a.m.
Server-Side Request Forgery in calibreweb
2022-03-0800:00:31
Google
osv.dev
20
calibreweb
ssrf
vulnerability
version 0.6.17
incomplete fix
cve-2022-0339
blacklist
payload
0.0.0.0
localhost
EPSS
0.002
Percentile
62.1%
calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery (SSRF). This is due to an incomplete fix for CVE-2022-0339. The blacklist does not check for 0.0.0.0, which would result in a payload of 0.0.0.0 resolving to localhost.
Related
github
github
Server-Side Request Forgery in calibreweb
2022-03-08 00:00:31
Server-Side Request Forgery in calibreweb
2022-02-01 00:48:54
huntr
huntr
Server-Side Request Forgery (SSRF) in janeczku/calibre-web
2021-12-20 11:47:34
Server-Side Request Forgery (SSRF)
2022-02-21 17:48:42
Server-Side Request Forgery (SSRF)
2022-03-09 19:06:05
osv
osv
Server-Side Request Forgery in calibreweb
2022-02-01 00:48:54
CVE-2022-0339
2022-01-30 14:15:07
PYSEC-2022-23
2022-01-30 14:15:00
prion
prion
Server side request forgery (ssrf)
2022-01-30 14:15:00
Server side request forgery (ssrf)
2022-03-07 07:15:00
nvd
nvd
CVE-2022-0339
2022-01-30 14:15:07
CVE-2022-0766
2022-03-07 07:15:07
veracode
veracode
Server-Side Request Forgery (SSRF)
2022-01-31 21:39:17
cvelist
cvelist
CVE-2022-0339 Server-Side Request Forgery (SSRF) in janeczku/calibre-web
2022-01-30 13:17:54
CVE-2022-0766 Server-Side Request Forgery (SSRF) in janeczku/calibre-web
2022-03-07 07:05:19
cve
cve
CVE-2022-0339
2022-01-30 14:15:07
CVE-2022-0766
2022-03-07 07:15:07