What the vulnerability does
01Description
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
CVE-2022-0939
CRITICAL
CVE-2022-0939: Server-Side Request Forgery (SSRF) in janeczku/calibre-web
CVSS base score
9.0/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H
Key dates
02Disclosure timeline
April 4, 2022
CVE published
August 2, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-41813 txtdot SSRF vulnerability in /proxy
CVE-2020-17386 Cellopoint CelloOS - Server-Side Request Forgery (SSRF)
CVE-2024-2827 lakernote EasyAdmin saveReportFile server-side request forgery
CVE-2026-4231 vanna-ai vanna Endpoint __init__.py run_sql server-side request forgery
CVE-2026-42430 OpenClaw < 2026.4.8 - Strict Browser SSRF Bypass via Playwright Redirect Handling
