CVE-2021-3986

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3986
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3986.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-3986
Aliases
Published
2024-11-15T11:15:06Z
Modified
2024-11-19T18:50:59.389002Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix.

References

Affected packages

Git / github.com/janeczku/calibre-web

Affected ranges

Type
GIT
Repo
https://github.com/janeczku/calibre-web
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.6.0
0.6.10
0.6.11
0.6.12
0.6.13
0.6.14
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9