PT-2024-24341 · Mealie · Mealie

Logan Maclaren +1 · Published 2024-04-19 · Updated 2024-04-22 · CVE-2024-31991

CVSS v3.1: 4.1 Medium

Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Mealie versions prior to 1.4.0

Description

The issue concerns the safe_scrape_html function, which uses a user-controlled URL to issue a request to a remote server. The function does not restrict the URL that can be provided, so an attacker can potentially identify HTTP(S) servers on the local network at any IP/port combination. Any authenticated user can exploit the vulnerability, and because any user can create an account on a Mealie server by default, this poses a significant risk. The default user changeme@example.com, with its hard-coded password, is also available, which further increases the exposure.

Recommendations

For versions prior to 1.4.0, update to version 1.4.0 to resolve the issue. As a temporary workaround, consider restricting access to the safe_scrape_html function until the update can be applied. Additionally, changing the default user's password and restricting account creation can help minimize the risk of exploitation.
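
The missing restriction named in the description can be pictured as a pre-flight check on the user-supplied URL. The following is an added example, not Mealie's code and not the 1.4.0 fix; `check_scrape_url`, `system_resolver` and the default-ports-only policy are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_PORTS = {"http": 80, "https": 443}  # assumption: default web ports only


def system_resolver(host, port):
    """Return every address the name resolves to (uses the system resolver)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def check_scrape_url(url, resolver=system_resolver):
    """Hypothetical pre-flight check: return (allowed, reason, addresses)."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for an out-of-range port
    except ValueError:
        return False, "malformed URL", []
    if parts.scheme not in ALLOWED_PORTS:
        return False, "scheme not allowed", []
    if not parts.hostname:
        return False, "missing host", []
    if port not in (None, ALLOWED_PORTS[parts.scheme]):
        return False, "port not allowed", []
    try:
        # Judge the resolved addresses, not the host string: a public-looking
        # name or a non-canonical numeric host can still map to an internal IP.
        addresses = resolver(parts.hostname, ALLOWED_PORTS[parts.scheme])
    except (OSError, UnicodeError):
        return False, "host does not resolve", []
    if not addresses:
        return False, "host does not resolve", []
    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        # is_global is False for loopback, RFC 1918, link-local and CGNAT ranges.
        if not ip.is_global:
            return False, f"{addr} is not a public address", []
    # Every resolved address is public. The caller should connect to one of
    # these addresses rather than resolve the name a second time.
    return True, "ok", addresses
```

The same check has to run again on every redirect target, since a public server can redirect the scraper to an internal address.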

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2024-31991

Affected Products: Mealie