github Kareadita/Kavita v0.5.4.1
v0.5.4.1 - Security Hotfix


This is a security hotfix, please update immediately! Several high-severity issues were disclosed to the Kavita team this morning that require an immediate hotfix.

Thanks @vultza for disclosing these issues through Huntr.

Added

  • Added: After 5 login attempts, Kavita will impose a 10 min lockout before authentication can be retried
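The lockout policy described above, as an added illustration that is not Kavita's own code: a per-account failed-login counter that locks the account for the stated window after the fifth failure and clears the counter on success. The `LoginThrottle` class, the injectable `now` clock and the outcome strings are assumptions made for this example.

```python
from dataclasses import dataclass
import time

MAX_FAILED_ATTEMPTS = 5      # from the release note: 5 attempts
LOCKOUT_SECONDS = 10 * 60    # from the release note: 10 minute lockout


@dataclass
class _AttemptState:
    failures: int = 0
    locked_until: float = 0.0


class LoginThrottle:
    """Hypothetical lockout tracker written for this page (not Kavita's code).

    `now` is injectable so the lockout window can be tested deterministically;
    production code would use the default monotonic clock.
    """

    def __init__(self, now=time.monotonic):
        self._now = now
        self._state: dict[str, _AttemptState] = {}

    def is_locked(self, username: str) -> bool:
        st = self._state.get(username)
        return st is not None and self._now() < st.locked_until

    def attempt(self, username: str, password_ok: bool) -> str:
        """Record one authentication attempt for `username`.

        Returns "locked", "ok" or "failed". Check is_locked() before doing
        the (expensive) password verification; the client should receive one
        generic error message for both "failed" and "locked".
        """
        st = self._state.setdefault(username, _AttemptState())
        if self._now() < st.locked_until:
            return "locked"      # refused even if the password was correct
        if password_ok:
            st.failures = 0      # a successful login clears the counter
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILED_ATTEMPTS:
            st.locked_until = self._now() + LOCKOUT_SECONDS
            st.failures = 0      # counting restarts once the window expires
        return "failed"
```

Because the counter is keyed by account name, the lockout also protects the admin account against repeated guessing from any client, at the cost that a remote party can keep a known account locked; that trade-off is inherent to account-based lockouts.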

Fixed

  • Fixed: Fixed an exploit that allowed a user to change the admin user's account password, thus taking ownership of the server
  • Fixed: Fixed an exploit that would allow an unauthorized user to delete reading list items within a user's reading list
  • Fixed: Fixed an exploit that allowed a user to abuse an API and leak sensitive files from the system
  • Fixed: Fixed an exploit that allowed an unauthenticated user to download PDFs from the server
  • Fixed: Fixed an exploit (SSRF) that would allow a user to upload a cover image that isn't an image
