CVE-2025-6998

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-6998
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-6998.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-6998
Aliases
Published
2025-07-24T20:15:27Z
Modified
2025-07-28T15:27:15.642796Z
Summary
[none]
Details

A ReDoS in the strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause a denial of service via a specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.

References

Affected packages

Git / github.com/gelbphoenix/autocaliweb

Affected ranges

Type
GIT
Repo
https://github.com/gelbphoenix/autocaliweb
Events

Affected versions

v0.*

v0.7.0