calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information out from the ebook sandbox. Version 9.6.0 patches the issue.
2.33.0+dfsg-1build12.38.0+dfsg-12.45.0+dfsg-12.45.0+dfsg-1build12.48.0+dfsg-12.48.0+dfsg-1build12.54.0+dfsg-12.55.0+dfsg-12.55.0+dfsg-1ubuntu0.23.12.0+dfsg-13.13.0+dfsg-13.14.0+dfsg-13.15.0.1+dfsg-13.16.0+dfsg-13.16.0+dfsg-1build13.17.0+dfsg-13.17.0+dfsg-23.18.0+dfsg-1build13.19.0+dfsg-1+5 more3.46.0+dfsg-14.2.0+dfsg-24.3.0+dfsg-14.3.0+dfsg-24.4.0+dfsg-14.5.0+dfsg-14.5.0+dfsg-24.5.0+dfsg-34.6.0+dfsg-14.7.0+dfsg-1+9 more5.25.0+dfsg-25.33.2+dfsg-15.34.0+dfsg-15.35.0+dfsg-1ubuntu25.37.0+dfsg-15.37.0+dfsg-1build16.24.0+ds-16.29.0+ds-17.0.0+ds-17.1.0+ds-17.1.0+ds-27.2.0+ds-17.2.0+ds-1build17.3.0+ds-17.4.0+ds-17.5.1+ds-1+4 more7.26.0+ds-4build18.3.0+ds-18.4.0+ds-18.5.0+ds-18.6.0+ds-18.7.0+ds-18.8.0+ds-28.8.0+ds-38.8.0+ds-3build18.13.0+ds+~0.10.5-38.14.0+ds+~0.10.5-18.15.0+ds+~0.10.5-18.16.0+ds+~0.10.5-28.16.2+ds+~0.10.5-18.16.2+ds+~0.10.5-28.16.2+ds+~0.10.5-38.8.0+ds-3build19.2.1+ds+~0.10.5-2build1Exploitability
AV:LAC:LAT:NPR:NUI:PVulnerable System
VC:LVI:NVA:NSubsequent System
SC:NSI:NSA:NCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N