PT-2023-31883 · Unknown · Audiobookshelf

Sylwia-Budzynska · Published 2023-12-27 · Updated 2024-01-11 · CVE-2023-51697

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Audiobookshelf versions prior to 2.7.0

Description: Audiobookshelf is a self-hosted audiobook and podcast server. Versions prior to 2.7.0 are vulnerable to an unauthenticated blind server-side request forgery (SSRF) in podcastUtils.js. This issue has been addressed in version 2.7.0. There are no known workarounds for this vulnerability.

Recommendations: For versions prior to 2.7.0, update to version 2.7.0 to resolve the issue. As a temporary workaround, consider disabling the podcastUtils.js functionality until a patch is available. Restrict access to the vulnerable podcastUtils.js module to minimize the risk of exploitation.

Tags: Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers

CVE-2023-51697
GHSA-JHJX-C3WX-Q2X7

Affected Products

Audiobookshelf