もっと詳しく

calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery (SSRF). This is a result of incomplete SSRF protection that can be bypassed via an HTTP redirect. An HTTP server set up to respond with a 302 redirect may redirect a request to localhost.

References