Skip to main content

Recipes CVE-2024-0403

MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2024-03-01 help@fluidattacks.com
6.5
CVSS 3.1 · Vendor: fluidattacks
Share

Severity by source

Vendor (fluidattacks) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from Vendor (fluidattacks) · only source for this CVE.

CVSS VectorVendor: fluidattacks

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 01, 2024 - 00:15 cve.org
MEDIUM 6.5

DescriptionCVE.org

Recipes version 1.5.10 allows arbitrary HTTP requests to be made

through the server. This is possible because the application is

vulnerable to SSRF.

AnalysisAI

Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is vulnerable to SSRF. Affected products include: Tandoor Recipes. Version information: version 1.5.10.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-25991 HIGH POC
7.7 Feb 13

Tandoor Recipes prior to 2.5.1 contains a blind server-side request forgery vulnerability in the Cookmate recipe import

CVE-2025-57396 MEDIUM POC
6.5 Sep 19

Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. Rated medium severity (CVS

CVE-2022-23071 MEDIUM POC
6.5 Jun 19

In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” fu

CVE-2026-25964 MEDIUM POC
4.9 Feb 13

Path traversal in Tandoor Recipes prior to 2.5.1 allows authenticated users with import permissions to read arbitrary fi

CVE-2026-35488 HIGH
8.1 Apr 07

Privilege escalation in Tandoor Recipes prior to version 2.6.4 allows authenticated users with read-only shared access t

CVE-2026-35045 HIGH
8.1 Apr 06

Authenticated users can modify and expose private recipes in Tandoor Recipes through broken object-level authorization i

CVE-2022-23074 LOW POC
3.5 Jun 21

In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the ‘Name’ field of Ke

CVE-2022-23073 LOW POC
3.5 Jun 21

In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard funct

CVE-2022-23072 LOW POC
3.5 Jun 21

In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in “Add to Cart” functiona

CVE-2026-35489 HIGH
7.3 Apr 07

Unauthenticated API input validation flaws in Tandoor Recipes (<2.6.4) enable cross-tenant data leakage and denial of se

CVE-2026-33148 MEDIUM
6.5 Mar 26

Tandoor Recipes versions prior to 2.6.0 allow authenticated remote attackers to cause denial of service by injecting URL

Share

CVE-2024-0403 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy