Skip to main content

Mealie CVE-2022-34625

HIGH
Code Injection (CWE-94)
2022-08-02 cve@mitre.org
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 02, 2022 - 16:15 nvd
HIGH 7.2

DescriptionNVD

Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template.

AnalysisAI

Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template. Affected products include: Mealie Project Mealie.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

More in Mealie

View all
CVE-2022-34613 CRITICAL POC
9.8 Aug 02

Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a

CVE-2024-55073 HIGH POC
7.6 Mar 27

A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows

CVE-2024-31994 MEDIUM POC
6.5 Apr 19

Mealie is a self hosted recipe manager and meal planner. Rated medium severity (CVSS 6.5), this vulnerability is low att

CVE-2025-70297 MEDIUM POC
6.1 Feb 11

A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1

CVE-2022-34615 CRITICAL
9.8 Aug 19

Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to t

CVE-2024-55072 MEDIUM POC
5.4 Mar 27

A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows

CVE-2025-70296 MEDIUM POC
5.4 Feb 11

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticate

CVE-2022-34619 MEDIUM POC
5.4 Aug 02

A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or

CVE-2022-34618 MEDIUM POC
5.4 Aug 02

A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts

CVE-2024-55070 LOW POC
3.1 Mar 27

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allo

CVE-2024-31992 MEDIUM
6.5 Apr 19

Mealie is a self hosted recipe manager and meal planner. Rated medium severity (CVSS 6.5), this vulnerability is remotel

CVE-2022-34621 MEDIUM
6.5 Aug 19

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attack

Share

CVE-2022-34625 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy