11 results (0.012 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole (leading to possible disk consumption), however the more likely scenario given resource limitations is that the container will OOM during file retrieval if the target file size is greater than the allocated memory of the container. At best this can be used to force the container to infinitely restart due to OOM (if so configured in `docker-compose.yml), or at worst this can be used to force the Mealie container to crash and remain offline. • https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107 https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f https://github.com/mealie-recipes/mealie/pull/3368 https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the Mealie server will also vary depending on whether or not the target file is an image, is not an image, or does not exist. Additionally, when a file is retrieved the file may remain stored on Mealie’s file system as original.jpg under the UUID of the recipe it was requested for. If the attacker has access to an admin account (e.g. the default changeme@example.com), this file can then be retrieved. • https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107 https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f https://github.com/mealie-recipes/mealie/pull/3368 https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server, however these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a timeout on requests, it is possible for an attacker to issue a large number of requests to the server which will be handled in batches based on the configuration of the Mealie server. The chunking of responses is helpful for mitigating memory exhaustion on the Mealie server, however a single request to an arbitrarily large external file (e.g. a Debian ISO) is often sufficient to completely saturate a CPU core assigned to the Mealie container. Without rate limiting in place, it is possible to not only sustain traffic against an external target indefinitely, but also to exhaust the CPU resources assigned to the Mealie container. • https://github.com/mealie-recipes/mealie/blob/mealie-next/mealie/services/scraper/scraper_strategies.py#L27-L70 https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f https://github.com/mealie-recipes/mealie/pull/3368 https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. This function, nor those that call it, add any restrictions on the URL that can be provided, nor is it restricted to being an FQDN (i.e., an IP address can be provided). As this function’s return will be handled differently by its caller depending on the response, it is possible for an attacker to use this functionality to positively identify HTTP(s) servers on the local network with any IP/port combination. • https://github.com/mealie-recipes/mealie/blob/mealie-next/mealie/services/scraper/scraper_strategies.py#L27-L70 https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f https://github.com/mealie-recipes/mealie/pull/3368 https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request. Mealie versión 1.0.0beta3, no finaliza los tokens de descarga después de que un usuario cierre la sesión, lo que permite a atacantes llevar a cabo un ataque de tipo man-in-the-middle por medio de una petición GET diseñada. • http://hkotel.com http://mealie.com https://gainsec.com/2022/08/19/cve-2022-34615-cve-2022-34621-cve-2022-34623-cve-2022-34624 • CWE-613: Insufficient Session Expiration •