Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
calibre has a path traversal vulnerability
Vulnerability Description
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre' handling of images in Markdown and other similar text-based files allowing an attacker to include arbitrary files from the file system into the converted book. Additionally, missing authentication and server-side request forgery in the background-image endpoint in the ebook reader web view allow the files to be exfiltrated without additional interaction. Version 9.6.0 contains a fix.
CVSS Information
N/A
Vulnerability Type
相对路径遍历
Vulnerability Title
Calibre 安全漏洞
Vulnerability Description
Calibre是印度Kovid Goyal个人开发者的一个开源免费的全能电子书阅读管理与格式转换工具。 calibre 9.6.0之前版本存在安全漏洞,该漏洞源于Calibre处理Markdown等类似文本文件中的图像时存在路径遍历问题,可能导致攻击者将文件系统中的任意文件包含到转换后的书籍中,同时background-image端点缺少身份验证和服务端请求伪造可能导致文件被泄露。
CVSS Information
N/A
Vulnerability Type
N/A