How severe is CVE-2025-23211?

CVE-2025-23211 has a CVSS v3 score of 9.9 (CRITICAL).

CVE-2025-23211

Name: recipes
Author: tandoor

9.9CRITICAL

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the p

Veröffentlicht: 1/28/2025Aktualisiert: 5/8/2025

Beschreibung

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.

KI-AnalyseKI-gestützt

Betroffene Produkte

tandoorrecipes

Referenzen

https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95
Product
https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377e66c2a2c20
Patch
https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v
ExploitVendor Advisory
https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v
ExploitVendor Advisory