Vulnerability Description
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enalean | Tuleap | < 11.17.99.146 |
Related Weaknesses (CWE)
References
- https://github.com/Enalean/tuleap/commit/ff75f2899c60a4546ee2d532e68a3febd07bdd1PatchThird Party Advisory
- https://github.com/Enalean/tuleap/security/advisories/GHSA-f8jp-hx4q-wxvrPatchThird Party Advisory
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ff75f2899c60a4546PatchVendor Advisory
- https://tuleap.net/plugins/tracker/?aid=16214Vendor Advisory
- https://github.com/Enalean/tuleap/commit/ff75f2899c60a4546ee2d532e68a3febd07bdd1PatchThird Party Advisory
- https://github.com/Enalean/tuleap/security/advisories/GHSA-f8jp-hx4q-wxvrPatchThird Party Advisory
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ff75f2899c60a4546PatchVendor Advisory
- https://tuleap.net/plugins/tracker/?aid=16214Vendor Advisory
FAQ
What is CVE-2021-41155?
CVE-2021-41155 is a vulnerability with a CVSS score of 8.8 (HIGH). Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL quer...
How severe is CVE-2021-41155?
CVE-2021-41155 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-41155?
Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.