Description
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| calibre | fixed | 6.19.1-1 | | package |
| calibre | fixed | 6.13.0+repack-2+deb12u3 | bookworm | package |
| calibre | no-dsa | | buster | package |
Notes
https://github.com/0x1717/ssrf-via-img
https://github.com/kovidgoyal/calibre/commit/bbbddd2bf4ef4ddb467b0aeb0abe8765ed7f8a6b (v6.19.0)
Related vulnerabilities
CVSS3: 7.5
ubuntu
more than 2 years ago
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
CVSS3: 7.5
nvd
more than 2 years ago
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
CVSS3: 7.5
github
more than 2 years ago
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.