CVE-2021-41155
8.8 HIGH
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration
Published: 2021-10-18 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 8.8 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-89
Affected products
| Vendor | Product |
|---|---|
| enalean | tuleap |
Description
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions, Tuleap does not properly sanitize user inputs when constructing the SQL query used to browse and search revisions in CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-41155
- [Patch] https://github.com/Enalean/tuleap/commit/ff75f2899c60a4546ee2d532e68a3febd07bdd14
- [Patch] https://github.com/Enalean/tuleap/security/advisories/GHSA-f8jp-hx4q-wxvr
- [Patch] https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ff75f2899c60a4546ee2d532e68a3febd07bdd14
- [Vendor advisory] https://tuleap.net/plugins/tracker/?aid=16214
Related CVEs
Same vendor
- CVE-2021-41154 — Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration (8.8 HIGH)
- CVE-2021-41148 — Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments (8.8 HIGH)
- CVE-2021-41147 — Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments (7.2 HIGH)
- CVE-2021-41142 — Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments (5.4 MEDIUM)
Same CWE
- CVE-2026-52715 — Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions (9.3 CRITICAL)
- CVE-2026-52712 — Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions (7.6 HIGH)
- CVE-2026-49772 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events C... (9.3 CRITICAL)
- CVE-2026-39581 — Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions (8.5 HIGH)
- CVE-2026-39574 — Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions (9.3 CRITICAL)