exploitDog

GHSA-vc8q-vv59-f54c

Опубликовано: 20 авг. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.9

Описание

Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request.

Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request.

Ссылки

EPSS

Процентиль: 50%

0.0027

Низкий

5.9 Medium

CVSS3

CVE ID

Дефекты

CWE-613

Связанные уязвимости

CVE-2022-34624

CVSS3: 5.9

nvd

больше 3 лет назад

Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request.

EPSS

Процентиль: 50%

0.0027

Низкий

5.9 Medium

CVSS3

CVE ID

Дефекты

CWE-613