CVE-2025-23211
9.9CRITICALTandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the p
게시됨: 1/28/2025업데이트됨: 5/8/2025
설명
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.
AI 분석AI 기반
영향받는 제품
tandoorrecipes
참조
- https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95Product
- https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377e66c2a2c20Patch
- https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8vExploitVendor Advisory
- https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8vExploitVendor Advisory