提交 #806468: crocodilestick Calibre-Web-Automated v1.0.0-v4.0.6 Denial of Service信息

标题crocodilestick Calibre-Web-Automated v1.0.0-v4.0.6 Denial of Service
描述Calibre-Web-Automated (https://github.com/crocodilestick/Calibre-Web-Automated) suffers from a denial-of-service vulnerability. An unauthenticated remote attacker could use a GET /cwa-epub-fixer-start request to initiate a batch of EPUB fixes, rewriting and backing up library files in place. This fix reads and modifies all EPUB files in the library and creates backups, triggering a large number of CPU/disk operations and easily exhausting disk space.
来源⚠️ https://gist.github.com/menelausx/1b45c952d352a2ebdc01cd8d5aa88e87
用户
 JasperX (UID 97281)
提交2026-04-16 13時10分 (2 月前)
管理2026-05-03 09時59分 (17 days later)
状态已接受
VulDB条目360890 [crocodilestick Calibre-Web-Automated 直到 4.0.6 Admin Endpoint cps/cwa_functions.py 弱身份验证]
积分20

上一步一览下一步

Do you know our Splunk app?

Download it now for free!