CVE-2024-6781: 
NixOS vulnerability analysis and mitigation

A path traversal vulnerability (CVE-2024-6781) was discovered in Calibre versions 7.14.0 and earlier. The vulnerability allows unauthenticated attackers to achieve arbitrary file read through the content server feature. The issue was discovered and reported by Amos Ng of STAR Labs SG Pte. Ltd., and was assigned a CVSS v3.1 base score of 7.5 (High) (STAR Labs).

The vulnerability exists in Calibre's content server functionality, specifically in the cmdexport.py module. The issue stems from insufficient input sanitization in the copyextrafileto function, which allows attackers to perform relative path traversal. The vulnerability is tracked as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and has a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility with no required privileges or user interaction (STAR Labs, NVD).

The vulnerability allows attackers to read arbitrary files on the system where Calibre is installed, as long as the files are UTF-8 compatible. This can lead to exposure of sensitive information stored on the system. The vulnerability is particularly concerning as it can be exploited by unauthenticated attackers when Calibre's content server is running with default configurations, which has basic authentication disabled (STAR Labs).

The vulnerability has been fixed in Calibre version 7.16.0 through a patch that implements proper input sanitization. Users are advised to upgrade to this version or later. The fix can be found in commit bcd0ab12c41a887f8290a9b56e46c3a29038d9c4 (Calibre Patch).