calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCalibre Ebook Calibre
APPCalibre-Ebook< 9.2.0
Powiązane podatności
Path Traversal w Calibre umożliwiający zapis plików i RCE (Windows)
Path Traversal w Calibre — zapis dowolnych plików przez czytnik PDB
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injec...
A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of u...
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to ...