calibreweb is vulnerable to server-side request forgery. The vulnerability exists in save_cover_from_url
in helper.py
because the internal end points are not properly validated which allows an attacker to access the devices running on the same network.