2 matches found
CVE-2024-31992 Mealie contains a DoS vulnerability in recipe importer
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safescrapehtml function utilizes a user-controlled URL to issue a request to a remote server, however these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a timeout on requests, it...
CVE-2024-31991 Mealie vulnerable to a GET-based SSRF in recipe importer (GHSL-2023-225)
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safescrapehtml function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. This function, nor those that call it,...