CVE-2022-0767

moderate-risk
Published 2022-03-07

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.

Do I need to act?

-
0.20% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: c53817859a0e46820a0a92bbd0697805f7e65445
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Janeczku

References (4)

Patch https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137...
Exploit https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e
Patch https://github.com/janeczku/calibre-web/commit/965352c8d96c9eae7a6867ff76b0db137...
Exploit https://huntr.dev/bounties/b26fc127-9b6a-4be7-a455-58aefbb62d9e
39
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal