Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
calibre has Server-Side Request Forgery in ebook viewer backend
Vulnerability Description
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information out from the ebook sandbox. Version 9.6.0 patches the issue.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Calibre 代码问题漏洞
Vulnerability Description
Calibre是印度Kovid Goyal个人开发者的一个开源免费的全能电子书阅读管理与格式转换工具。 Calibre 9.6.0之前版本存在代码问题漏洞,该漏洞源于calibre电子书阅读器Web视图的background-image端点存在服务端请求伪造,可能导致攻击者向任意URL执行盲GET请求并从电子书沙箱中泄露信息。
CVSS Information
N/A
Vulnerability Type
N/A