Description
Unsanitized user input in Calibre <= 7.15.0 allows users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| calibre | fixed | 7.16.0+ds-1 | | package |
| calibre | fixed | 6.13.0+repack-2+deb12u4 | bookworm | package |
| calibre | fixed | 5.12.0+dfsg-1+deb11u2 | bullseye | package |
Notes
https://starlabs.sg/advisories/24/24-7009/
https://github.com/kovidgoyal/calibre/commit/d56574285e8859d3d715eb7829784ee74337b7d7 (v7.16.0)
EPSS
Percentile: 92%
0.08423
Low
Related vulnerabilities
CVSS3: 4.2
ubuntu
more than 1 year ago
Unsanitized user input in Calibre <= 7.15.0 allows users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.
CVSS3: 4.2
nvd
more than 1 year ago
Unsanitized user input in Calibre <= 7.15.0 allows users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.
CVSS3: 4.2
github
more than 1 year ago
Unsanitized user input in Calibre <= 7.15.0 allows users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.