Vulnerability Details CVE-2022-34613
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.9%
CVSS Severity
CVSS v3 Score 9.8
References
- https://cwe.mitre.org/data/definitions/79.html
- https://docs.mealie.io/changelog/v0.5.6/
- https://gainsec.com/2022/08/02/cve-2022-34613-cve-2022-34618-cve-2022-34619-xss-file-upload-and-more/
- https://hub.docker.com/r/hkotel/mealie
- https://cwe.mitre.org/data/definitions/79.html
- https://docs.mealie.io/changelog/v0.5.6/
- https://gainsec.com/2022/08/02/cve-2022-34613-cve-2022-34618-cve-2022-34619-xss-file-upload-and-more/
- https://hub.docker.com/r/hkotel/mealie
Products affected by CVE-2022-34613
-
cpe:2.3:a:mealie_project:mealie:1.0.0