CVE-2025-6998
Published
CVSS v3
N/A
CVSS v2
N/A
Affected
2
PROJECTS
Description
ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.
:books: Web app for browsing, reading and downloading eBooks stored in a Calibre database
GitHub(MOVED TO CODEBERG) :books: Web managing platform for eBooks, eComics and PDFs
GitHub