CVE-2022-34625

2022-08-0215:16:16

mitre

www.cve.org

mealie1.0.0beta3

server-side template injection

jinja2

arbitrary code

vulnerability

0.002 Low

EPSS

Percentile

59.5%

JSON

Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template.

References

cwe.mitre.org/data/definitions/1336.html

cwe.mitre.org/data/definitions/94.html

docs.mealie.io/changelog/v0.5.6/

gainsec.com/2022/08/02/cve-2022-34625-ssti-rce-mealie/

hub.docker.com/r/hkotel/mealie

0.002 Low

EPSS

Percentile

59.5%

JSON

Related for CVELIST:CVE-2022-34625