CVE-2022-23644

BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The problem has been patched and administrators should upgrade to version 0.3.0 As a workaround, BookWyrm instances can close registration and limit members to trusted individuals.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:joinbookwyrm:bookwyrm:*:*:*:*:*:*:*:*

Information

Published : 2022-02-16 11:15

Updated : 2022-02-25 10:20


NVD link : CVE-2022-23644

Mitre link : CVE-2022-23644


JSON object : View

CWE
CWE-918

Server-Side Request Forgery (SSRF)

Advertisement

dedicated server usa

Products Affected

joinbookwyrm

  • bookwyrm