CVE-2021-41142

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-41142
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41142.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-41142
Related
  • GHSA-p3j6-6h9h-34r5
Published
2021-10-14T16:15:09.617Z
Modified
2026-04-10T04:38:35.303954Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the capability to add and remove attachment to an artifact could force a victim to execute uncontrolled code. Tuleap Community Edition 11.17.99.146 and Tuleap Enterprise Edition 12.11-2 contain a fix for the issue.

References

Affected packages

Git / github.com/enalean/tuleap

Affected ranges

Type
GIT
Repo
https://github.com/enalean/tuleap
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d6c837ed6fa66d319175954a42f93d4d86745208
Type
GIT
Repo
https://github.com/enalean/tuleap
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d6c837ed6fa66d319175954a42f93d4d86745208

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41142.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "11.17.99.146"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "12.11-2"
            }
        ]
    }
]