Mealie Security Vulnerabilities and Issues — Mealie CVE List

Lucene search

Mealie ProjectMealie

5 matches found

CVE•added 2024/04/19 9:15 p.m.•66 views

CVE-2024-31991

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. This function, nor those that call it,...

4.1CVSS6.4AI score0.00042EPSS

CVE•added 2022/08/02 10:15 p.m.•59 views

CVE-2022-34619

A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field.

5.4CVSS5.2AI score0.00279EPSS

CVE•added 2022/08/02 3:15 p.m.•54 views

CVE-2022-34618

A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field.

5.4CVSS5.2AI score0.00279EPSS

CVE•added 2022/08/02 4:15 p.m.•51 views

CVE-2022-34625

Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template.

7.2CVSS7.4AI score0.00519EPSS

CVE•added 2022/08/02 3:15 p.m.•50 views

CVE-2022-34613

Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file.

9.8CVSS9.5AI score0.00543EPSS