Unrated severityNVD Advisory· Published Oct 18, 2021· Updated Aug 4, 2024

SQL injection in CVS revisions browser

CVE-2021-41155

Description

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.

Affected products

Enalean/Tuleapv5
Range: < 11.17.99.146

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Enalean/tuleap/commit/ff75f2899c60a4546ee2d532e68a3febd07bdd14mitrex_refsource_MISC
github.com/Enalean/tuleap/security/advisories/GHSA-f8jp-hx4q-wxvrmitrex_refsource_CONFIRM
tuleap.net/plugins/git/tuleap/tuleap/stablemitrex_refsource_MISC
tuleap.net/plugins/tracker/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000