[SECURITY] 4 Broken Access Control Vulnerabilities

mealie-recipes / mealie

Mealie is a self hosted recipe manager and meal planner with a RestAPI backend and a reactive frontend application built in Vue for a pleasant user experience for the whole family. Easily add recipes into your database by providing the url and mealie will automatically import the relevant data or add a family recipe with the UI editor

https://docs.mealie.io

GNU Affero General Public License v3.0

7.47k stars 750 forks source link

[SECURITY] 4 Broken Access Control Vulnerabilities #4593

Open m10x opened 3 days ago

m10x commented 3 days ago

A few minutes ago I've emailed you the details to one high risk broken access control vulnerability and will now write you the details to three more (but low to lower medium risk) broken access control vulnerabilities.

m10x commented 3 days ago

I've sent an email for each of the 4 vulns :)

hay-kot commented 2 days ago

Thanks for the report! I've reviewed the info and passed it along to the other maintainers, we'll follow up once we've fixed that issue.