Amos Ng

**Name of the Vulnerable Software and Affected Versions** Calibre versions prior to 7.14.0 **Description** The issue is related to path traversal in the software, allowing unauthenticated attackers to achieve arbitrary file read. This is due to incorrect restriction of the directory path name with limited access. Exploitation of the issue may allow a remote attacker to disclose protected information. **Recommendations** For Calibre versions prior to 7.14.0, update to version 7.14.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Calibre versions 6.9.0 through 7.14.0 **Description** The issue is related to improper access control in the software, which allows unauthenticated attackers to achieve remote code execution. This is due to a vulnerability associated with deficiencies in the authorization mechanism. The exploitation of this vulnerability can enable a remote attacker to execute arbitrary code. **Recommendations** For Calibre versions 6.9.0 through 7.14.0, consider disabling the Content Server component as a temporary workaround until a patch is available. Restrict access to the Content Server component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.