Suggestions search

All statuses

Filter by:

With package: karakeep

Found 2 matching suggestions

View:

Compact

Detailed

Published

Permalink CVE-2026-45082

7.6 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): Low (L)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

updated 2 hours ago by @LeSuisse Activity log

Created suggestion 9 hours ago
@LeSuisse accepted 2 hours ago
@LeSuisse published on GitHub 2 hours ago

Karakeep has a SSRF Protection Bypass via Redirect Handling

Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward internal/private network destinations, these protections could be bypassed through crafted HTTP redirect chains. By leveraging attacker-controlled redirects, an authenticated user could cause vulnerable application components to initiate requests toward internally reachable Docker network services accessible from the application environment. The issue affected multiple processing paths, including crawler-related functionality and video download processing flows. Version 0.32.0 contains a patch.

References

https://github.com/karakeep-app/karakeep/security/advisories/GHSA-g647-327m-79g9 x_refsource_CONFIRMexploit

Affected products

karakeep

==< 0.32.0

Matching in nixpkgs

pkgs.karakeep

Self-hostable bookmark-everything app (links, notes and images) with AI-based automatic tagging and full text search

nixos-unstable 0.31.0
- nixpkgs-unstable 0.31.0
- nixos-unstable-small 0.31.0
nixos-25.11 0.31.0
- nixos-25.11-small 0.31.0
- nixpkgs-25.11-darwin 0.31.0

Package maintainers

@three Eric Roberts <eric@ericroberts.dev>

Published

Permalink CVE-2026-27627

8.2 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

updated 3 months ago by @LeSuisse Activity log

Created suggestion 3 months ago
@LeSuisse accepted 3 months ago
@LeSuisse published on GitHub 3 months ago

Karakeep's Reddit plugin content bypasses DOMPurify sanitization, enabling stored XSS

Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns `readableContentHtml`, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify, but the Reddit path skips both. Since this content ends up in `dangerouslySetInnerHTML` in the reader view, any malicious HTML in the Reddit response gets executed in the user's browser. Version 0.31.0 contains a patch for this issue.