calibreweb is vulnerable to improper access control. The server does not properly validate user permissions when rendering HTML that contains a shelf name, which allows an attacker to gain access to the names of all private shelves.
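An added example, not calibre-web's own code: a minimal Python model of the flaw described above, where a shelf name is rendered without an authorization check, beside a version that authorizes first, plus a regression check that lists the private names a renderer exposes. The `Shelf` fields, the public-or-owner rule, the sample data and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from html import escape
from typing import Callable, Optional

@dataclass(frozen=True)
class Shelf:  # hypothetical model, not the project's schema
    id: int
    name: str
    owner_id: int
    is_public: bool

# Constructed sample data, not taken from any real instance.
SHELVES = {
    1: Shelf(1, "Public classics", owner_id=10, is_public=True),
    2: Shelf(2, "Alice private drafts", owner_id=10, is_public=False),
    3: Shelf(3, "Bob private list", owner_id=20, is_public=False),
}

def can_view(shelf: Shelf, user_id: int) -> bool:
    """Authorization rule assumed here: the shelf is public or the caller owns it."""
    return shelf.is_public or shelf.owner_id == user_id

def render_title_unchecked(shelf_id: int, user_id: int) -> Optional[str]:
    """Flawed pattern: the shelf name reaches the HTML for any caller."""
    shelf = SHELVES.get(shelf_id)
    if shelf is None:
        return None
    return f"<h2>{escape(shelf.name)}</h2>"

def render_title_checked(shelf_id: int, user_id: int) -> Optional[str]:
    """Hardened pattern: authorize before any shelf attribute is rendered.
    Missing and forbidden shelves give the same result, so the response
    does not confirm which ids exist."""
    shelf = SHELVES.get(shelf_id)
    if shelf is None or not can_view(shelf, user_id):
        return None
    return f"<h2>{escape(shelf.name)}</h2>"

def leaked_names(render: Callable[[int, int], Optional[str]], user_id: int) -> list:
    """Regression check: names of shelves the user may not view that `render` exposes."""
    leaked = []
    for shelf in SHELVES.values():
        if can_view(shelf, user_id):
            continue
        html = render(shelf.id, user_id)
        if html is not None and escape(shelf.name) in html:
            leaked.append(shelf.name)
    return leaked
```

Running `leaked_names` against every code path that places a shelf name into a response, for a user who owns none of the private shelves, turns this class of bug into a test failure.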
github.com/advisories/GHSA-gqcj-xp3p-vqqj
github.com/janeczku/calibre-web/blob/master/cps/shelf.py#L380
github.com/janeczku/calibre-web/commit/3b216bfa07ec7992eff03e55d61732af6df9bb92
github.com/janeczku/calibre-web/issues/1990
huntr.dev/bounties/370538f6-5312-4c15-9fc0-b4c36ac236fe