CVE-2022-2525

Description

Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.

How to fix CVE-2022-2525

To remediate CVE-2022-2525, upgrade the affected package to a fixed version below.

• PyPI/calibreweb—upgrade to 0.6.20 or later

Is CVE-2022-2525 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.6.20

References (3)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-2525
• WEBgithub.com/janeczku/calibre-web/commit/49e4f540c9b204c7e39b3c27ceadecd83ed60e7e
• WEBhuntr.dev/bounties/9ff87820-c14c-4454-9764-406496254ef0