Description

A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of the shelf is exposed in an error message when a user attempts to remove a book from a shelf they do not own. This vulnerability discloses private information and affects all versions prior to the fix.

INFO

Published Date :

2024-11-15T10:52:21.551Z

Last Modified :

2024-11-15T18:31:36.752Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2021-3986 vulnerability.

Vendors Products
Calibre-web Project
  • Calibre-web
Janeczku
  • Calibre-web
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2021-3986.

URL Resource
https://github.com/janeczku/calibre-web/commit/6f5390ead5df9779ac81fadefffb476e03f93548 cve-icon cve-icon
https://huntr.com/bounties/394af194-61a7-4e33-b373-877d4c766fca cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact