描述
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.
AI分析AI驱动
受影响产品
tandoorrecipes
参考资料
- https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95Product
- https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377e66c2a2c20Patch
- https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8vExploitVendor Advisory
- https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8vExploitVendor Advisory