PT-2022-16156 · Bookwyrm · Bookwyrm

Mouse-Reeve · Published 2022-02-16 · Updated 2022-02-25 · CVE-2022-23644

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: BookWyrm versions prior to 0.3.0

Description: The functionality to load a book cover via URL in BookWyrm is vulnerable to server-side request forgery (SSRF): the server fetches a URL supplied by the user, so any logged-in user can exploit the issue. As a workaround, BookWyrm instances can close registration and limit members to trusted individuals.

Recommendations: For versions prior to 0.3.0, upgrade to version 0.3.0 to resolve the issue. As a temporary workaround, consider closing registration and limiting members to trusted individuals to minimize the risk of exploitation.
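As an added example (not BookWyrm's own code, nor the change shipped in 0.3.0), the kind of pre-check a cover-by-URL feature needs against this class of SSRF: allow only http/https on the default ports, resolve the host, and refuse anything that resolves to a loopback, private, link-local or otherwise non-public address. The function and names are assumptions; the resolver is injectable so the check runs offline in tests.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {None, 80, 443}


def resolve_host(host):
    """Resolve a hostname to all of its addresses (makes a network call)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(addr):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    # Unwrap ::ffff:a.b.c.d so the IPv4 range checks apply to mapped addresses.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_cover_url(url, resolver=resolve_host):
    """Return (allowed, reason) for a user-supplied cover URL (hypothetical API).

    The resolver is injectable so the check can be unit-tested offline.
    The fetcher must then connect to the vetted address and re-run this
    check on every redirect, or a DNS rebind / redirect defeats it."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed port"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed: %r" % port
    try:
        addrs = resolver(parts.hostname)
    except OSError:
        return False, "host does not resolve"
    for addr in addrs:
        if not is_public_address(addr):
            return False, "resolves to non-public address %s" % addr
    return (True, "ok") if addrs else (False, "host does not resolve")
```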

Exploit

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2022-23644
GHSA-5M7G-66H6-5CVQ

Affected Products

Bookwyrm