Candidate: CVE-2021-41260
PublicDate: 2021-12-16 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41260
 https://github.com/galette/galette/security/advisories/GHSA-hw28-c7px-xqm5
 https://github.com/galette/galette/commit/a5602bca2566f1be370631c3ab2d40feedd4b3ad
Description:
 Galette is a membership management web application built for non profit
 organizations and released under GPLv3. Versions prior to 0.9.6 do not
 check for Cross Site Request Forgery attacks. All users are advised to
 upgrade to 0.9.6 as soon as possible. There are no known workarounds for
 this issue.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_galette:
upstream_galette: needs-triage
trusty_galette: ignored (out of standard support)
xenial_galette: ignored (out of standard support)