CVE-2022-34624

Name of the Vulnerable Software and Affected Versions Mealie version 1.0.0beta3

Description The issue allows attackers to perform a man-in-the-middle attack via a crafted GET request, as download tokens are not terminated after a user logs out.

Recommendations For Mealie version 1.0.0beta3, as a temporary workaround, consider restricting access to sensitive operations that rely on download tokens until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.