Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing malicious users to perform a man-in-the-middle attack via a crafted GET request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mealie mealie 0.5.5 |
||
mealie mealie 1.0.0 |