PT-2022-13423 · Unknown · Calibre-Web

Published: 2022-03-07 · Updated: 2024-11-19 · CVE-2022-0767

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions: calibre-web versions prior to 0.6.17
Description: The issue is a Server-Side Request Forgery (SSRF) caused by incomplete protection that can be bypassed via an HTTP redirect. The URL check is applied only to the initial request, so an HTTP server set up to respond with a 302 redirect can redirect the request to localhost.
Recommendations: For versions prior to 0.6.17, update to version 0.6.17 or later to resolve the issue. As a temporary workaround, consider restricting the HTTP redirect functionality to minimize the risk of exploitation.
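The description above names the root cause: a URL allow-check that inspects only the first URL is defeated when the remote server answers with a 302 whose Location points at localhost, because the HTTP client follows the redirect after the check has already passed. The following is an added example written for this record, not calibre-web's own code or its fix; it shows the defensive pattern of refusing automatic redirects and re-validating every hop against a loopback/private-address policy. All names (is_safe_url, fetch_with_redirect_guard, Fetcher), the fake fetcher, the sample addresses (1.1.1.1 standing in for any globally routable external host) and the redirect target port and path are assumptions constructed for the example.

```python
import ipaddress
import socket
from typing import Callable, Dict, Tuple
from urllib.parse import urljoin, urlsplit

# Constructed fetcher type: performs ONE request and returns
# (status, headers, body) WITHOUT following redirects itself;
# the guard below decides whether each hop may be requested.
Fetcher = Callable[[str], Tuple[int, Dict[str, str], bytes]]

ALLOWED_SCHEMES = {"http", "https"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}
MAX_REDIRECTS = 5


def resolve_addresses(host: str) -> list:
    """Literal IPs are parsed directly; hostnames are resolved with DNS and
    every A/AAAA answer is returned so that each one can be checked."""
    try:
        return [ipaddress.ip_address(host.strip("[]"))]
    except ValueError:
        pass
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    # Strip an IPv6 zone id (e.g. "%eth0") before parsing the address.
    return [ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos]


def is_safe_url(url: str) -> bool:
    """True only if the URL uses http(s) and every address the host maps to
    is globally routable unicast: loopback, RFC 1918, link-local, multicast
    and unspecified addresses are all rejected."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    try:
        addrs = resolve_addresses(parts.hostname)
    except (socket.gaierror, ValueError):
        return False  # unresolvable or malformed host: fail closed
    return all(a.is_global and not a.is_multicast for a in addrs)


def fetch_with_redirect_guard(url: str, fetch: Fetcher,
                              max_redirects: int = MAX_REDIRECTS) -> Tuple[int, bytes]:
    """Follow redirects manually, validating every hop BEFORE it is requested.
    This is what closes the 302-to-localhost bypass: the check runs on the
    Location target, not only on the URL the caller supplied."""
    current = url
    for _ in range(max_redirects + 1):
        if not is_safe_url(current):
            raise ValueError(f"refusing to fetch non-public URL: {current}")
        status, headers, body = fetch(current)
        if status in REDIRECT_STATUSES:
            location = next((v for k, v in headers.items() if k.lower() == "location"), None)
            if not location:
                raise ValueError("redirect without Location header")
            # A relative Location is resolved against the current URL.
            current = urljoin(current, location)
            continue
        return status, body
    raise ValueError("too many redirects")


# Constructed sample server behaviour (no network is used): the external host
# answers one request with a 302 to a loopback address, one with a relative
# redirect, and one with the actual resource.
SAMPLE_RESPONSES = {
    "http://1.1.1.1/cover.jpg": (302, {"Location": "http://127.0.0.1:8080/internal"}, b""),
    "http://1.1.1.1/old.jpg": (302, {"Location": "/real.jpg"}, b""),
    "http://1.1.1.1/real.jpg": (200, {}, b"JPEGDATA"),
}


def fake_fetch(url: str) -> Tuple[int, Dict[str, str], bytes]:
    return SAMPLE_RESPONSES.get(url, (404, {}, b""))


def demo() -> dict:
    """Exercise the guard against the constructed responses."""
    results = {
        "direct": fetch_with_redirect_guard("http://1.1.1.1/real.jpg", fake_fetch),
        "relative": fetch_with_redirect_guard("http://1.1.1.1/old.jpg", fake_fetch),
    }
    try:
        fetch_with_redirect_guard("http://1.1.1.1/cover.jpg", fake_fetch)
        results["redirect"] = "fetched"
    except ValueError as exc:
        results["redirect"] = str(exc)  # the loopback hop is refused
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With a real client the same shape applies: disable automatic redirect handling (for example `allow_redirects=False` in requests, or a custom `HTTPRedirectHandler` in urllib) and hand each response to the guard, so that the hostname check runs on every Location target rather than only on the URL the user submitted.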

Tags: SSRF
Related Identifiers: CVE-2022-0767, GHSA-H65G-JFQG-2W6M

Affected Products: Calibre-Web