PT-2021-23221 · Galette · Galette
Trasher · Published 2021-12-16 · Updated 2021-12-22
CVE-2021-41260
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Galette versions prior to 0.9.6
Description
Galette is a membership management web application built for non-profit organizations and released under GPLv3. Versions prior to 0.9.6 lack checks against Cross-Site Request Forgery (CSRF) attacks.
Recommendations
For versions prior to 0.9.6, upgrade to version 0.9.6 as soon as possible. There are no known workarounds for this issue.
Fix
CSRF
Affected Products
Galette