LaRecipe Server-Side Template Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A Server-Side Template Injection (SSTI) vulnerability has been identified in LaRecipe versions prior to 2.8.1. This vulnerability could lead to Remote Code Execution (RCE) in vulnerable configurations, allowing attackers to execute arbitrary commands on the server, access sensitive environment variables, and escalate privileges depending on the server setup.

Impact

Exploitation of this vulnerability could result in arbitrary command execution on the server, unauthorized access to sensitive environment variables, and potential privilege escalation, depending on the server configuration.

Remediation

Users are strongly advised to upgrade to LaRecipe version 2.8.1 or later.

Added: Jul 14, 2025, 11:31 PM
Updated: Jul 14, 2025, 11:31 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.1
remediation: 7.7
relevance: 0.3
threat: 3.6
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.