Severity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.build_absolute_uri() to generate absolute URLs in multiple contexts, including invite link emails, API pagination, and OpenAPI schema generation. An attacker who can send requests to the application with a crafted Host header can manipulate all server-generated absolute URLs. The most critical impact is invite link poisoning: when an admin creates an invite and the application sends the invite email, the link points to the attacker's server instead of the real application. When the victim clicks the link, the invite token is sent to the attacker, who can then use it at the real application. As of time of publication, it is unknown if a patched version is available.
AnalysisAI
Tandoor Recipes versions through 2.5.3 permit Host header injection attacks that enable invite link poisoning, allowing authenticated administrators with high privileges to be social-engineered into sending system-generated invite tokens to attacker-controlled servers. The Django application's default ALLOWED_HOSTS='*' configuration fails to validate HTTP Host headers, which combined with request.build_absolute_uri() usage allows manipulation of all absolute URLs including invite emails, API pagination, and OpenAPI schemas. No public exploit identified at time of analysis; CVSS 8.1 reflects network-based attack requiring high privileges and user interaction with changed scope.
Technical ContextAI
The vulnerability stems from CWE-644 (Improper Neutralization of HTTP Headers for Scripting Syntax) in Tandoor Recipes, a Python-based Django web application for recipe management (CPE: cpe:2.3:a:tandoorrecipes:recipes:*:*:*:*:*:*:*:*). Django's ALLOWED_HOSTS setting acts as a security control to validate the Host header in HTTP requests, preventing Host header injection attacks. When set to the wildcard '*', Django accepts any Host header value without validation. The application uses Django's request.build_absolute_uri() method to construct absolute URLs, which incorporates the Host header value. This affects multiple application contexts: invite link generation in email notifications, API pagination URLs, and OpenAPI schema generation. An attacker can craft malicious Host headers that propagate through these URL construction mechanisms, causing the application to generate URLs pointing to attacker-controlled domains instead of the legitimate application server.
RemediationAI
As of the publication date, patched version availability is unknown per the CVE description. Organizations should monitor the vendor security advisory at https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-x636-4jx6-xc4w for patch release announcements. As an interim mitigation, modify the Django configuration to set ALLOWED_HOSTS to an explicit list of legitimate domain names and IP addresses instead of the wildcard '*' value, ensuring only trusted Host header values are accepted. Deploy the application behind a reverse proxy (nginx, Apache, or cloud load balancer) configured to validate and normalize the Host header before forwarding requests to the Django application. Implement additional email security controls such as adding warning banners to invite emails that display the full URL and educating administrators to verify link destinations before clicking. Restrict invite creation permissions to the minimum necessary administrator accounts and implement audit logging for all invite generation activities. Consider implementing URL allowlisting in email templates to detect and block generation of invite links pointing to non-organizational domains.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16313