{"id":"CVE-2022-23071","details":"In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information.","modified":"2026-03-15T14:46:36.569126Z","published":"2022-06-19T11:15:07.810Z","references":[{"type":"FIX","url":"https://github.com/TandoorRecipes/recipes/commit/d48fe26a3529cc1ee903ffb2758dfd8f7efaba8c"},{"type":"FIX","url":"https://www.mend.io/vulnerability-database/CVE-2022-23071"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tandoorrecipes/recipes","events":[{"introduced":"2c5e44d73ca5cbe56783483559511f645612ff24"},{"last_affected":"378938812c8b1100bf054f9f31398fee4332d979"},{"fixed":"d48fe26a3529cc1ee903ffb2758dfd8f7efaba8c"}],"database_specific":{"versions":[{"introduced":"0.9.1"},{"last_affected":"1.2.5"}]}}],"versions":["0.10.0","0.10.1","0.11.0","0.11.1","0.11.2","0.12.0","0.12.1","0.13.0","0.14.0","0.14.1","0.14.2","0.14.3","0.14.4","0.14.5","0.15.0","0.15.1","0.15.2","0.16.0","0.16.1","0.16.2","0.16.3","0.16.4","0.16.5","0.16.6","0.16.7","0.16.8","0.17.0","0.17.1","0.17.2","0.17.3","0.17.4","0.18.0","0.9.1","0.9.2","1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.4.1","1.0.5","1.0.5.1","1.0.5.2","1.0.6","1.0.7","1.0.8","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23071.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}