Описание
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.
Ссылки
- Product
- Patch
- ExploitVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.24 (исключая)
cpe:2.3:a:tandoor:recipes:*:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02223
Низкий
9.9 Critical
CVSS3
Дефекты
CWE-1336
CWE-94
EPSS
Процентиль: 84%
0.02223
Низкий
9.9 Critical
CVSS3
Дефекты
CWE-1336
CWE-94