PatchSiren cyber security CVE debrief
CVE-2023-3375 Unisign CVE debrief
CVE-2023-3375 is a high-severity vulnerability in Bookreen versions before 3.0.0. The issue is described as an unrestricted upload of a file with a dangerous type that can lead to OS command injection. NVD rates the issue at CVSS 3.1 7.2 with network attack vector, low attack complexity, no user interaction, and high impact to confidentiality, integrity, and availability, but with high privileges required.
- Vendor: Unisign
- Product: Bookreen
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2023-09-05
- Original CVE updated: 2024-11-21
- Advisory published: 2023-09-05
- Advisory updated: 2024-11-21
Who should care
Organizations running Bookreen before 3.0.0 should treat this as a priority issue, especially where privileged users can upload files or where uploaded content is processed by server-side jobs. Security teams, application owners, and administrators responsible for file-upload workflows should review exposure and upgrade plans.
Technical summary
The published data identifies CWE-434, unrestricted upload of file with dangerous type, as the weakness class. The affected CPE is cpe:2.3:a:bookreen:bookreen:*:*:*:*:*:*:*:* with the affected version range ending before 3.0.0. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating a remotely reachable issue that still requires high privileges. The source corpus does not provide patch details, exploit prerequisites beyond the CVSS privileges requirement, or remediation steps beyond the affected version boundary.
Defensive priority
High. The affected version range is clearly bounded, the impact is severe, and the attack path can affect server-side execution. However, the need for high privileges slightly narrows exposure compared with low-privilege remote flaws, so the main focus should be on privileged upload paths and rapid upgrade to 3.0.0 or later.
Recommended defensive actions
- Confirm whether any Bookreen instances are running versions before 3.0.0.
- Upgrade Bookreen to 3.0.0 or later if still supported.
- Review and restrict who can access file-upload functionality, especially privileged or administrative roles.
- Validate server-side upload controls to reject dangerous file types and enforce allowlists rather than blocklists.
- Inspect application logging and upload handling for unexpected file types or anomalous server-side behavior.
- If an affected instance cannot be upgraded immediately, reduce exposure by limiting upload features and monitoring privileged accounts closely.
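As an added illustration of the allowlist recommendation above (example code written for this debrief, not Bookreen's upload handler, whose fix details the corpus does not include), the following Python contrasts a blocklist check with an allowlist check that also requires the declared MIME type and the file's leading bytes to agree with the extension. The permitted types, magic bytes and the blocklist contents are constructed assumptions.

```python
import os

# Constructed allowlist (assumption, not from Bookreen): extension -> (MIME type, magic bytes).
ALLOWED = {
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".pdf": ("application/pdf", b"%PDF-"),
}
# A typical blocklist, shown only for contrast with the allowlist below.
BLOCKED = {".php", ".phtml", ".sh", ".exe"}


def blocklist_accepts(filename: str) -> bool:
    """Blocklist approach: anything not named is let through, so unlisted
    executable types and multi-extension names slip past the check."""
    return os.path.splitext(filename)[1].lower() not in BLOCKED


def allowlist_accepts(filename: str, declared_mime: str, head: bytes):
    """Allowlist approach: returns the canonical extension the file may be stored
    under (the caller should generate the rest of the name server-side), or None
    to reject. Name, declared type and leading bytes must agree on one permitted type."""
    if not filename or any(c in filename for c in "/\\\x00"):
        return None  # path separators or a NUL byte in the name
    root, ext = os.path.splitext(filename.lower())
    if not root or root.startswith(".") or "." in root:
        return None  # empty or dotfile names (.htaccess) and double extensions (x.php.png)
    if ext == ".jpeg":
        ext = ".jpg"  # normalise the alias so the lookup has one key per type
    if ext not in ALLOWED:
        return None  # not on the allowlist, whatever the type is
    mime, magic = ALLOWED[ext]
    if declared_mime.lower() != mime or not head.startswith(magic):
        return None  # declared type or actual content disagrees with the extension
    return ext
```

The blocklist accepts names such as shell.phar simply because they were not listed; the allowlist rejects anything it was not told to accept, including a script disguised with a permitted extension but wrong content.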
Evidence notes
This debrief is based on the official CVE record and NVD detail for CVE-2023-3375, plus the referenced USOM advisory. The corpus explicitly states the affected range as Bookreen before 3.0.0, the weakness class as CWE-434, and the CVSS vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The source material does not include exploit steps, proof-of-concept code, or detailed vendor remediation guidance.
Official resources
- CVE-2023-3375 CVE record (CVE.org)
- CVE-2023-3375 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Third Party Advisory
Published by the CVE source on 2023-09-05. The record was later modified on 2024-11-21. This debrief uses the CVE publication date for timing context.