Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py`
Vulnerability Description
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the to_dict() method, used to serialize configuration for the debug pack, doesn't adequately filter out sensitive fields such as API tokens. Users, unaware of the full contents, might share these debug packs, inadvertently leaking their private API keys. This issue has been patched in version 0.8.3.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
信息暴露
Vulnerability Title
Autocaliweb 信息泄露漏洞
Vulnerability Description
Autocaliweb是Phoenix Paulina Schmid个人开发者的一个Web管理平台。 Autocaliweb 0.8.3之前版本存在信息泄露漏洞,该漏洞源于debug包暴露敏感配置数据,可能导致API密钥泄露。
CVSS Information
N/A
Vulnerability Type
N/A