説明
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.
AI分析AIによる分析
影響を受ける製品
tandoorrecipes
参照
- https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95Product
- https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377e66c2a2c20Patch
- https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8vExploitVendor Advisory
- https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8vExploitVendor Advisory