Candidate: CVE-2021-41262
PublicDate: 2021-12-16 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41262
 https://github.com/galette/galette/commit/8e940641b5ed46c3f471332827df388ea00a85d3
 https://github.com/galette/galette/security/advisories/GHSA-936f-xvgq-fg74
Description:
 Galette is a membership management web application built for non profit
 organizations and released under GPLv3. Versions prior to 0.9.6 are subject
 to SQL injection attacks by users with "member" privilege. Users are
 advised to upgrade to version 0.9.6 as soon as possible. There are no known
 workarounds.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_galette:
upstream_galette: needs-triage
trusty_galette: ignored (out of standard support)
xenial_galette: ignored (out of standard support)