Vulnerability Description
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Galette | Galette | < 0.9.6 |
Related Weaknesses (CWE)
References
- https://github.com/galette/galette/commit/a5602bca2566f1be370631c3ab2d40feedd4b3PatchThird Party Advisory
- https://github.com/galette/galette/security/advisories/GHSA-hw28-c7px-xqm5Third Party Advisory
- https://github.com/galette/galette/commit/a5602bca2566f1be370631c3ab2d40feedd4b3PatchThird Party Advisory
- https://github.com/galette/galette/security/advisories/GHSA-hw28-c7px-xqm5Third Party Advisory
FAQ
What is CVE-2021-41260?
CVE-2021-41260 is a vulnerability with a CVSS score of 8.2 (HIGH). Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users a...
How severe is CVE-2021-41260?
CVE-2021-41260 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-41260?
Check the references section above for vendor advisories and patch information. Affected products include: Galette Galette.