CVE-2025-55165— Autocaliweb 信息泄露漏洞

Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py`

Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the to_dict() method, used to serialize configuration for the debug pack, doesn't adequately filter out sensitive fields such as API tokens. Users, unaware of the full contents, might share these debug packs, inadvertently leaking their private API keys. This issue has been patched in version 0.8.3.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

信息暴露

Autocaliweb 信息泄露漏洞

Autocaliweb是Phoenix Paulina Schmid个人开发者的一个Web管理平台。 Autocaliweb 0.8.3之前版本存在信息泄露漏洞，该漏洞源于debug包暴露敏感配置数据，可能导致API密钥泄露。

N/A

N/A