You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@euri10 I've replaced the default app.db and removed the guest user. Interestingly I think the vulnerability was fixed with this commit and the files cps/ub.py & cps/web.py and using this default app.db I wasn't able to login to the webui using those credentials, so not sure this was still an ongoing problem.
the README states the following
03.07.18: New build pushed, all versions below 67 have vulnerability
However a quick inspect on https://github.com/linuxserver/docker-calibre-web/blob/master/root/defaults/app.db that is pushed by default when building the image reveals it still contains the Guest user mentioned in upstream project janeczku/calibre-web#534
The text was updated successfully, but these errors were encountered: