Home > Vulnerability Database > CVE-2021-3987

Mend.io Vulnerability Database

CVE-2021-3987

Good to know:

Date: November 15, 2024

An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the "create_shelf" method in "shelf.py" not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users.

Language: Python

Severity Score

4.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3987

Url: https://github.com/janeczku/calibre-web

Url: https://github.com/janeczku/calibre-web/commit/bcdc97641447965af486964537f3821f47b28874

Url: https://huntr.com/bounties/29fcc091-87b6-43bc-ab4b-3c0bec3f71df

Url: https://www.mend.io/vulnerability-database/CVE-2021-3987

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version calibreweb - 0.6.15

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3987

Good to know:

Date: November 15, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?