CVE-2021-41155
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Enalean | tuleap | < 11.17.99.146 | affected |
| Enalean | tuleap | >= 11.17-1, < 11.17-5 | affected |
| Enalean | tuleap | >= 11.16-1, < 11.16-7 | affected |
Weaknesses
- CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/Enalean/tuleap/security/advisories/GHSA-f8jp-hx4q-wxvr
- https://github.com/Enalean/tuleap/commit/ff75f2899c60a4546ee2d532e68a3febd07bdd14
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ff75f2899c60a4546ee2d532e68a3febd07bdd14
- https://tuleap.net/plugins/tracker/?aid=16214
References
- https://github.com/Enalean/tuleap/security/advisories/GHSA-f8jp-hx4q-wxvr
- https://github.com/Enalean/tuleap/commit/ff75f2899c60a4546ee2d532e68a3febd07bdd14
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ff75f2899c60a4546ee2d532e68a3febd07bdd14
- https://tuleap.net/plugins/tracker/?aid=16214
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.