How severe is CVE-2025-23211?

CVE-2025-23211 has a CVSS v3 score of 9.9 (CRITICAL).

CVE-2025-23211

Name: recipes
Author: tandoor

9.9CRITICAL

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the p

Publicado: 1/28/2025Actualizado: 5/8/2025

Descripción

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.

Análisis IAImpulsado por IA

Productos Afectados

tandoorrecipes

Referencias

https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95
Product
https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377e66c2a2c20
Patch
https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v
ExploitVendor Advisory
https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v
ExploitVendor Advisory