CNNVD-202602-2217 Information
CNNVD ID
CNNVD-202602-2217
Related CVE
- CNNVD Published: 2026-02-13
Description (Chinese)
Tandoor Recipes是Tandoor Recipes开源的一个用于管理食谱、计划膳食、建立购物清单等等的应用程序。 Tandoor Recipes 2.5.1之前版本存在代码问题漏洞,该漏洞源于Cookmate食谱导入功能未验证HTTP重定向后的目标URL,可能导致经过身份验证的用户发起盲服务端请求伪造攻击,从而扫描内部网络端口或访问云实例元数据。
Description (English)
Tandoor Recipes is an application for the management of recipes, the planning of meals, the creation of shopping lists, etc. The code problem gap in the pre-Tandoor Recipes 2.5.1 version stems from the failure of the Cookmate Spectrum Import function to verify the re-directed target URL of HTTP, which may result in an identity-verified user requesting a false attack to scan the internal network port or access cloud case metadata.
Vulnerability Type
代码问题
Affected Vendor
Tandoor Recipes
Published
2026-02-13
Last Modified
2026-02-24
References
https://github.com/TandoorRecipes/recipes/commit/fdf22c5e745740db1fec29d6b4bd3df5d340e6ab https://github.com/TandoorRecipes/recipes/releases/tag/2.5.1 https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-j6xg-85mh-qqf7
Patch
https://github.com/TandoorRecipes/recipes/releases/
Share on: