Количество 3
Количество 3
CVE-2021-3987
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users.
CVE-2021-3987
An improper access control vulnerability exists in janeczku/calibre-we ...
GHSA-fj5v-w2jp-wqvj
Improper Access Control in janeczku/calibre-web
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-3987 An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users. | CVSS3: 4.3 | 0% Низкий | около 1 года назад |
| CVE-2021-3987 An improper access control vulnerability exists in janeczku/calibre-we ... | CVSS3: 4.3 | 0% Низкий | около 1 года назад |
| GHSA-fj5v-w2jp-wqvj Improper Access Control in janeczku/calibre-web | CVSS3: 5.4 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу