ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.
CVSS
No CVSS.
References
Configurations
No configuration.
History
25 Jul 2025, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1. |
25 Jul 2025, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login.This issue affects Calibre Web: 0.6.24; Autocaliweb: from 0.7.0 before 0.7.1. |
24 Jul 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-07-24 20:15
Updated : 2025-07-25 15:29
NVD link : CVE-2025-6998
Mitre link : CVE-2025-6998
CVE.ORG link : CVE-2025-6998
JSON object : View
Products Affected
No product.
CWE
CWE-1333
Inefficient Regular Expression Complexity