CVE-2025-23211 – Tandoor Recipes Jinja2 SSTI Remote Command Execution
The following table lists the changes that have been made to the CVE-2025-23211 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.
-
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jan. 28, 2025
Action Type Old Value New Value Added Reference https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v -
New CVE Received by [email protected]
Jan. 28, 2025
Action Type Old Value New Value Added Description Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24. Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Added CWE CWE-1336 Added Reference https://github.com/TandoorRecipes/recipes/blob/4f9bff20c858180d0f7376de443a9fe4c123a50c/cookbook/helper/template_helper.py#L95 Added Reference https://github.com/TandoorRecipes/recipes/commit/e6087d5129cc9d0c24278948872377e66c2a2c20 Added Reference https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-r6rj-h75w-vj8v