CVE-2023-46303 Information

Description

link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can by default add resources outside of the document root.

Reference

https://github.com/0x1717/ssrf-via-img https://github.com/kovidgoyal/calibre/compare/v6.18.1…v6.19.0