CVE-2022-0766 MEDIUM

CVE-2022-0766: Server-Side Request Forgery (SSRF) in janeczku/calibre-web

Vendor Janeczku
Product janeczku/calibre-web
Weakness CWE-918 · SSRF
Published March 7, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.

Key dates

02Disclosure timeline

March 7, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-42188 Geyser: Server-Side Request Forgery (SSRF) via Player Head Texture URL CVE-2026-33975 twenty-server SSRF protection bypass via IPv4-mapped IPv6 address normalization CVE-2026-4979 UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter CVE-2024-13838 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook CVE-2024-39739 IBM Datacap Navigator server-side request forgery