4 matches found
Tandoor Recipes < 1.5.24 - Jinja2 SSTI RCE
Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows command execution via recipe steps. id: CVE-2025-23211 info: name: Tandoor Recipes 1.5.24 - Jinja2 SSTI RCE author: sammiee5311 severity: critical description: | Tandoor Recipes 1.5.24 has a Jinja2 SSTI vulnerability that allows...
Metasploit Wrap-Up 03/06/2026
Encoder exposed! Some of our releases add new ways in; this one adds new ways to stay in. There are, of course, still new RCE toys in the box Tactical RMM via Jinja2 SSTI and an unauthenticated MajorDoMo exploit. Still, the underlying theme is payloads: more control over how they are packaged and...
CVE-2025-23211 Tandoor Recipes - SSTI - Remote Code Execution
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24...
PT-2025-4850
Name of the Vulnerable Software and Affected Versions: Tandoor Recipes versions prior to 1.5.24 Description: The issue is related to a Jinja2 SSTI vulnerability that allows any user to execute commands on the server, potentially with root privileges in the case of the provided Docker Compose file...