First published: Mon Oct 18 2021(Updated: )
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Enalean Tuleap | <11.17.99.146 | |
Enalean Tuleap | >=11.16-1<11.16-7 | |
Enalean Tuleap | >=11.17-1<11.17-5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-41155 is a vulnerability in Tuleap, an open-source suite for software development and collaboration, where user inputs are not properly sanitized when constructing SQL queries, potentially allowing for SQL injection attacks.
CVE-2021-41155 has a severity rating of 8.8, which is considered high.
CVE-2021-41155 affects Tuleap versions up to 11.17.99.146 (community edition) and certain versions in the range 11.16-1 to 11.16-7 and 11.17-1 to 11.17-5 (enterprise edition).
To fix CVE-2021-41155, upgrade to Tuleap version 11.17.99.146 (community edition) or versions outside the affected range (enterprise edition).
The CWE ID for CVE-2021-41155 is CWE-89, which refers to Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').