- Description
- Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. With the provided Docker Compose file, those commands run as root. This vulnerability is fixed in 1.5.24.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
CVE-2025-23211: Tandoor Recipes #Jinja2 #SSTI to #Remote_Code_Execution https://t.co/EfBzFihSQg https://t.co/q778MzWTBg
@omvapt
9 May 2025
CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes, leading to a full system compromise: https://t.co/HfUJ6hZRKh
@offsectraining
8 May 2025
CVE-2025-23211 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands o… https://t.co/NCl619r1G0
@CVEnew
28 Jan 2025
[CVE-2025-23211: CRITICAL] "Beware! Tandoor Recipes app had a Jinja2 SSTI vulnerability allowing users to run commands on the server. Update to version 1.5.24 to fix this cyber security flaw."#cybersecurity,#vulnerability https://t.co/UcittXt7a6 https://t.co/wk7IcXpomD
@CveFindCom
28 Jan 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tandoor:recipes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A83D0C6-19D5-4442-A398-20A96675441C",
            "versionEndExcluding": "1.5.24"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]