CVE-2021-41154

Summary

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.

Affected Software

VendorProductVersion RangeStatus
Enaleantuleap< 11.17.99.144affected
Enaleantuleap>= 11.17-1, < 11.17-5affected
Enaleantuleap>= 11.16-1, < 11.16-7affected

Weaknesses

  • CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CVE Program Container

Additional References

References