Filtered by vendor Mealie
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34621 | 1 Mealie | 1 Mealie | 2024-08-03 | 6.5 Medium |
| Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter. | ||||
| CVE-2022-34615 | 1 Mealie | 1 Mealie | 2024-08-03 | 9.8 Critical |
| Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | ||||
| CVE-2022-34624 | 1 Mealie | 1 Mealie | 2024-08-03 | 5.9 Medium |
| Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request. | ||||
| CVE-2022-32425 | 1 Mealie | 1 Mealie | 2024-08-03 | 5.3 Medium |
| The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time. | ||||
| CVE-2024-31993 | 1 Mealie | 1 Mealie | 2024-08-02 | 6.2 Medium |
| Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the Mealie server will also vary depending on whether or not the target file is an image, is not an image, or does not exist. Additionally, when a file is retrieved the file may remain stored on Mealie’s file system as original.jpg under the UUID of the recipe it was requested for. If the attacker has access to an admin account (e.g. the default changeme@example.com), this file can then be retrieved. Note that if Mealie is running in a development setting this could be leveraged by an attacker to retrieve any file that the Mealie server had downloaded in this fashion without the need for administrator access. This vulnerability is fixed in 1.4.0. | ||||
| CVE-2024-31992 | 1 Mealie | 1 Mealie | 2024-08-02 | 6.5 Medium |
| Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server, however these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a timeout on requests, it is possible for an attacker to issue a large number of requests to the server which will be handled in batches based on the configuration of the Mealie server. The chunking of responses is helpful for mitigating memory exhaustion on the Mealie server, however a single request to an arbitrarily large external file (e.g. a Debian ISO) is often sufficient to completely saturate a CPU core assigned to the Mealie container. Without rate limiting in place, it is possible to not only sustain traffic against an external target indefinitely, but also to exhaust the CPU resources assigned to the Mealie container. This vulnerability is fixed in 1.4.0. | ||||
Page 1 of 1.