GHSA-jv7x-xhv2-p5v2

GitHub Security Advisory

LaRecipe is vulnerable to Server-Side Template Injection attacks

✓ GitHub Reviewed CRITICAL Has CVE

Advisory Details

### Impact
A critical vulnerability was discovered in LaRecipe that allows an attacker to perform Server-Side Template Injection (SSTI), potentially leading to Remote Code Execution (RCE) in vulnerable configurations.

Attackers could:
1. Execute arbitrary commands on the server
2. Access sensitive environment variables
3. Escalate access depending on server configuration

### Patches
Users are strongly advised to upgrade to version v2.8.1 or later.
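
To confirm whether a deployed application still pins an affected release, the following added example (not part of the advisory or of LaRecipe itself) reads a project's `composer.lock` and classifies the locked `binarytorch/larecipe` version against the fixed release 2.8.1. It assumes plain release tags; dev branches and pre-release suffixes are reported as `unknown` for manual review, and the sample lock contents are constructed.

```python
import json
import re

PACKAGE = "binarytorch/larecipe"  # package named in this advisory
FIXED = (2, 8, 1)                 # first patched release per this advisory


def parse_version(raw):
    """Return (major, minor, patch) for a plain release tag, else None."""
    m = re.fullmatch(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", raw.strip())
    if not m:
        return None  # dev branches, aliases and pre-release suffixes land here
    return tuple(int(part or 0) for part in m.groups())


def check_lock(lock_text):
    """Return (status, locked_version); status is one of
    'absent', 'vulnerable', 'patched' or 'unknown'."""
    lock = json.loads(lock_text)
    # The package can be locked as a runtime or as a dev dependency.
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            raw = pkg.get("version", "")
            version = parse_version(raw)
            if version is None:
                return ("unknown", raw)
            return ("vulnerable" if version < FIXED else "patched", raw)
    return ("absent", None)


# Constructed sample lock files (not taken from a real project).
SAMPLE_VULNERABLE = '{"packages": [{"name": "binarytorch/larecipe", "version": "v2.8.0"}], "packages-dev": []}'
SAMPLE_PATCHED = '{"packages": [], "packages-dev": [{"name": "binarytorch/larecipe", "version": "2.8.1"}]}'
SAMPLE_DEV = '{"packages": [{"name": "binarytorch/larecipe", "version": "dev-master"}]}'
SAMPLE_ABSENT = '{"packages": [{"name": "example/other", "version": "1.0.0"}], "packages-dev": null}'

if __name__ == "__main__":
    for label, text in [("vulnerable sample", SAMPLE_VULNERABLE),
                        ("patched sample", SAMPLE_PATCHED),
                        ("dev branch sample", SAMPLE_DEV),
                        ("absent sample", SAMPLE_ABSENT)]:
        print(label, check_lock(text))
```

A result of `unknown` means the lock file pins a branch or pre-release, so the resolved commit has to be compared against the 2.8.1 release by hand.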

### Credit
We would like to thank **Roman Ananev** for responsibly identifying and reporting this vulnerability.

Affected Packages

Packagist binarytorch/larecipe
Affected versions: 0 (fixed in 2.8.1)

Key Information

- GHSA ID: GHSA-jv7x-xhv2-p5v2
- Published: July 14, 2025 9:22 PM
- Last Modified: July 28, 2025 4:50 PM
- CVSS Score: 9.0 / 10
- Primary Ecosystem: Packagist
- Primary Package: binarytorch/larecipe
- GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.