Headline

GHSA-jv7x-xhv2-p5v2: LaRecipe is vulnerable to Server-Side Template Injection attacks

Impact

Attackers could:

Execute arbitrary commands on the server
Access sensitive environment variables
Escalate access depending on server configuration

A critical vulnerability was discovered in LaRecipe that allows an attacker to perform Server-Side Template Injection (SSTI), potentially leading to Remote Code Execution (RCE) in vulnerable configurations.

Patches

Users are strongly advised to upgrade to version v2.8.1 or later.

7 hours ago

ghsa

Open in Source

#vulnerability #git #rce

GitHub Advisory Database
GitHub Reviewed
CVE-2025-53833

LaRecipe is vulnerable to Server-Side Template Injection attacks

Critical severity GitHub Reviewed Published Jul 14, 2025 in saleem-hadad/larecipe • Updated Jul 14, 2025

Package

composer binarytorch/larecipe (Composer)

Affected versions

< 2.8.1

Impact

Attackers could:

Execute arbitrary commands on the server
Access sensitive environment variables
Escalate access depending on server configuration

Patches

Users are strongly advised to upgrade to version v2.8.1 or later.

References

GHSA-jv7x-xhv2-p5v2
saleem-hadad/larecipe#390
saleem-hadad/larecipe@c1d0d56

Published to the GitHub Advisory Database

Jul 14, 2025

Last updated

Jul 14, 2025

ghsa: Latest News

GHSA-32mf-57h2-64x9: XWiki Rendering is vulnerable to RCE attacks when processing nested macros

6 hours ago

ghsa

GHSA-w3wh-g4m9-783p: XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax

7 hours ago

ghsa

GHSA-jv7x-xhv2-p5v2: LaRecipe is vulnerable to Server-Side Template Injection attacks

7 hours ago

ghsa

GHSA-9548-qrrj-x5pj: AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections

9 hours ago

ghsa

GHSA-q28v-664f-q6wj: Indico vulnerability allows attackers to bulk dump user details

9 hours ago

ghsa