← Voltar para CVEs

CVE-2025-23211

CRITICAL

9.9

Descricao

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.

Detalhes CVE

Pontuacao CVSS v3.19.9

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado1/28/2025

Ultima modificacao5/8/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

tandoor:recipes

Fraquezas (CWE)

CWE-1336CWE-94

Referencias

https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95(security-advisories@github.com)

https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377e66c2a2c20(security-advisories@github.com)

https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v(security-advisories@github.com)

https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.