Vulnerability Details CVE-2022-23644
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The problem has been patched and administrators should upgrade to version 0.3.0 As a workaround, BookWyrm instances can close registration and limit members to trusted individuals.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2022-23644
-
cpe:2.3:a:joinbookwyrm:bookwyrm:-
-
cpe:2.3:a:joinbookwyrm:bookwyrm:0.0.1
-
cpe:2.3:a:joinbookwyrm:bookwyrm:0.1.0
-
cpe:2.3:a:joinbookwyrm:bookwyrm:0.1.1
-
cpe:2.3:a:joinbookwyrm:bookwyrm:0.2.0
-
cpe:2.3:a:joinbookwyrm:bookwyrm:0.2.1