4 matches found

Positive Technologies
added 2024/04/19 12:0 a.m. · 3 views

PT-2024-24341 · Mealie · Mealie

Name of the Vulnerable Software and Affected Versions: Mealie versions prior to 1.4.0
Description: The issue concerns the safe scrape html function, which uses a user-controlled URL to issue a request to a remote server. This function does not restrict the URL that can be provided, allowing an...

CVSS 4.1 · AI score 6.8 · EPSS 0.00042
Exploits 0 · References 8

Prion
added 2022/08/19 2:15 p.m. · 14 views

Design/Logic Flaw

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...

CVSS 4 · AI score 6.5 · EPSS 0.0064
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2022/08/02 12:0 a.m. · 2 views

PT-2022-22245 · Mealie · Mealie

Name of the Vulnerable Software and Affected Versions: Mealie version 1.0.0beta3
Description: The issue allows attackers to execute arbitrary code via a crafted file, exploiting an arbitrary file upload vulnerability.
Recommendations: For Mealie version 1.0.0beta3, as a temporary workaround,...

CVSS 9.8 · AI score 6.3 · EPSS 0.01769
Exploits 3 · References 7

Positive Technologies
added 2022/08/02 12:0 a.m. · 1 views

PT-2022-22248 · Mealie · Mealie

Name of the Vulnerable Software and Affected Versions: Mealie version 0.5.5
Description: A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field. This enables attackers t...

CVSS 9.8 · AI score 5.6 · EPSS 0.01769
Exploits 3 · References 9