CVE-2021-3987
MEDIUM5.4EPSS 0.11%Improper Access Control in janeczku/calibre-web
發布日:2024/11/15修改日:2024/11/19
描述
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users.
受影響套件(1)
- PyPI/calibrewebfrom 0, < 0.6.15
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |