Bruno Hernández

**Name of the Vulnerable Software and Affected Versions** Mealie version 1.0.0beta3 **Description** The issue is related to weak password requirements, which can be exploited by attackers to gain unauthorized access to the application through brute-force attacks. **Recommendations** For Mealie version 1.0.0beta3, consider implementing stronger password requirements to mitigate the risk of brute-force attacks. As a temporary workaround, restrict access to sensitive areas of the application until a more robust password policy can be enforced. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mealie version 1.0.0beta3 **Description** The issue allows attackers to modify user passwords and other attributes via modification of the `user id` parameter. This is due to an Insecure Direct Object Reference (IDOR) vulnerability. **Recommendations** For Mealie version 1.0.0beta3, avoid using the `user id` parameter in affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to user attribute modification functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mealie version 1.0.0beta3 **Description** The issue allows attackers to execute arbitrary code via a crafted Jinja2 template. This is a result of a Server-Side Template Injection vulnerability. **Recommendations** For Mealie version 1.0.0beta3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.