CVE-2024-31993 (GCVE-0-2024-31993)
Vulnerability from cvelistv5 – Published: 2024-04-19 21:02 – Updated: 2024-08-02 01:59
VLAI?
Title
Mealie vulnerable to a GET-based SSRF in recipe image importer (GHSL-2023-227)
Summary
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the Mealie server will also vary depending on whether or not the target file is an image, is not an image, or does not exist. Additionally, when a file is retrieved the file may remain stored on Mealie’s file system as original.jpg under the UUID of the recipe it was requested for. If the attacker has access to an admin account (e.g. the default changeme@example.com), this file can then be retrieved. Note that if Mealie is running in a development setting this could be leveraged by an attacker to retrieve any file that the Mealie server had downloaded in this fashion without the need for administrator access. This vulnerability is fixed in 1.4.0.
Severity ?
6.2 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mealie-recipes | mealie |
Affected:
< 1.4.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mealie:mealie:1.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mealie",
"vendor": "mealie",
"versions": [
{
"lessThan": "1.4.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31993",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T17:43:03.714626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:15.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:50.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/"
},
{
"name": "https://github.com/mealie-recipes/mealie/pull/3368",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mealie-recipes/mealie/pull/3368"
},
{
"name": "https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f"
},
{
"name": "https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mealie",
"vendor": "mealie-recipes",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the Mealie server will also vary depending on whether or not the target file is an image, is not an image, or does not exist. Additionally, when a file is retrieved the file may remain stored on Mealie\u2019s file system as original.jpg under the UUID of the recipe it was requested for. If the attacker has access to an admin account (e.g. the default changeme@example.com), this file can then be retrieved. Note that if Mealie is running in a development setting this could be leveraged by an attacker to retrieve any file that the Mealie server had downloaded in this fashion without the need for administrator access. This vulnerability is fixed in 1.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T21:02:56.989Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/"
},
{
"name": "https://github.com/mealie-recipes/mealie/pull/3368",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mealie-recipes/mealie/pull/3368"
},
{
"name": "https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f"
},
{
"name": "https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107"
}
],
"source": {
"advisory": "GHSA-vgmj-mq9v-q97p",
"discovery": "UNKNOWN"
},
"title": "Mealie vulnerable to a GET-based SSRF in recipe image importer (GHSL-2023-227)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-31993",
"datePublished": "2024-04-19T21:02:56.989Z",
"dateReserved": "2024-04-08T13:48:37.491Z",
"dateUpdated": "2024-08-02T01:59:50.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the Mealie server will also vary depending on whether or not the target file is an image, is not an image, or does not exist. Additionally, when a file is retrieved the file may remain stored on Mealie\\u2019s file system as original.jpg under the UUID of the recipe it was requested for. If the attacker has access to an admin account (e.g. the default changeme@example.com), this file can then be retrieved. Note that if Mealie is running in a development setting this could be leveraged by an attacker to retrieve any file that the Mealie server had downloaded in this fashion without the need for administrator access. This vulnerability is fixed in 1.4.0.\"}, {\"lang\": \"es\", \"value\": \"Mealie es un administrador de recetas y planificador de comidas aut\\u00f3nomo. Antes de 1.4.0, la funci\\u00f3n scrape_image recuperaba una imagen basada en una URL proporcionada por el usuario; sin embargo, la URL proporcionada no est\\u00e1 validada para apuntar a una ubicaci\\u00f3n externa y no tiene ninguna limitaci\\u00f3n de velocidad obligatoria. La respuesta del servidor Mealie tambi\\u00e9n variar\\u00e1 dependiendo de si el archivo de destino es una imagen, no es una imagen o no existe. Adem\\u00e1s, cuando se recupera un archivo, \\u00e9ste puede permanecer almacenado en el sistema de archivos de Mealie como original.jpg bajo el UUID de la receta para la que se solicit\\u00f3. Si el atacante tiene acceso a una cuenta de administrador (por ejemplo, la predeterminada changeme@example.com), este archivo puede recuperarse. Tenga en cuenta que si Mealie se ejecuta en una configuraci\\u00f3n de desarrollo, un atacante podr\\u00eda aprovechar esto para recuperar cualquier archivo que el servidor de Mealie haya descargado de esta manera sin necesidad de acceso de administrador. Esta vulnerabilidad se solucion\\u00f3 en 1.4.0.\"}]",
"id": "CVE-2024-31993",
"lastModified": "2024-11-21T09:14:18.083",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 6.2, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.7, \"impactScore\": 4.0}]}",
"published": "2024-04-19T21:15:08.523",
"references": "[{\"url\": \"https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/mealie-recipes/mealie/pull/3368\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/mealie-recipes/mealie/pull/3368\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-31993\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-04-19T21:15:08.523\",\"lastModified\":\"2025-03-07T12:39:16.980\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the Mealie server will also vary depending on whether or not the target file is an image, is not an image, or does not exist. Additionally, when a file is retrieved the file may remain stored on Mealie\u2019s file system as original.jpg under the UUID of the recipe it was requested for. If the attacker has access to an admin account (e.g. the default changeme@example.com), this file can then be retrieved. Note that if Mealie is running in a development setting this could be leveraged by an attacker to retrieve any file that the Mealie server had downloaded in this fashion without the need for administrator access. This vulnerability is fixed in 1.4.0.\"},{\"lang\":\"es\",\"value\":\"Mealie es un administrador de recetas y planificador de comidas aut\u00f3nomo. Antes de 1.4.0, la funci\u00f3n scrape_image recuperaba una imagen basada en una URL proporcionada por el usuario; sin embargo, la URL proporcionada no est\u00e1 validada para apuntar a una ubicaci\u00f3n externa y no tiene ninguna limitaci\u00f3n de velocidad obligatoria. La respuesta del servidor Mealie tambi\u00e9n variar\u00e1 dependiendo de si el archivo de destino es una imagen, no es una imagen o no existe. Adem\u00e1s, cuando se recupera un archivo, \u00e9ste puede permanecer almacenado en el sistema de archivos de Mealie como original.jpg bajo el UUID de la receta para la que se solicit\u00f3. Si el atacante tiene acceso a una cuenta de administrador (por ejemplo, la predeterminada changeme@example.com), este archivo puede recuperarse. Tenga en cuenta que si Mealie se ejecuta en una configuraci\u00f3n de desarrollo, un atacante podr\u00eda aprovechar esto para recuperar cualquier archivo que el servidor de Mealie haya descargado de esta manera sin necesidad de acceso de administrador. Esta vulnerabilidad se solucion\u00f3 en 1.4.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mealie:mealie:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.0\",\"matchCriteriaId\":\"176FB8C0-1317-46C1-A470-EAC757778773\"}]}]}],\"references\":[{\"url\":\"https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mealie-recipes/mealie/pull/3368\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/mealie-recipes/mealie/pull/3368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"Mealie vulnerable to a GET-based SSRF in recipe image importer (GHSL-2023-227)\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-918\", \"lang\": \"en\", \"description\": \"CWE-918: Server-Side Request Forgery (SSRF)\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"ADJACENT_NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 6.2, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"scope\": \"CHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/\"}, {\"name\": \"https://github.com/mealie-recipes/mealie/pull/3368\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/mealie-recipes/mealie/pull/3368\"}, {\"name\": \"https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f\"}, {\"name\": \"https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107\"}], \"affected\": [{\"vendor\": \"mealie-recipes\", \"product\": \"mealie\", \"versions\": [{\"version\": \"\u003c 1.4.0\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-04-19T21:02:56.989Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the Mealie server will also vary depending on whether or not the target file is an image, is not an image, or does not exist. Additionally, when a file is retrieved the file may remain stored on Mealie\\u2019s file system as original.jpg under the UUID of the recipe it was requested for. If the attacker has access to an admin account (e.g. the default changeme@example.com), this file can then be retrieved. Note that if Mealie is running in a development setting this could be leveraged by an attacker to retrieve any file that the Mealie server had downloaded in this fashion without the need for administrator access. This vulnerability is fixed in 1.4.0.\"}], \"source\": {\"advisory\": \"GHSA-vgmj-mq9v-q97p\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-31993\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-22T17:43:03.714626Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:mealie:mealie:1.4.0:*:*:*:*:*:*:*\"], \"vendor\": \"mealie\", \"product\": \"mealie\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"1.4.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-22T18:39:07.149Z\"}, \"title\": \"CISA ADP Vulnrichment\"}]}",
"cveMetadata": "{\"cveId\": \"CVE-2024-31993\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2024-04-08T13:48:37.491Z\", \"datePublished\": \"2024-04-19T21:02:56.989Z\", \"dateUpdated\": \"2024-06-04T17:37:15.936Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…