Moderate severityNVD Advisory· Published Nov 15, 2024· Updated Nov 15, 2024
Improper Access Control in janeczku/calibre-web
CVE-2021-3987
Description
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the create_shelf method in shelf.py not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
calibrewebPyPI | < 0.6.15 | 0.6.15 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.