CVE-2021-41232: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

November 2, 2021 (updated February 8, 2024)

Thunderdome is an open source agile planning poker tool in the theme of Battling for points. The provided username is not properly escaped. This issue has been patched If users are unable to update they should disable the LDAP feature if in use.

References

github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgj
nvd.nist.gov/vuln/detail/CVE-2021-41232

Code Behaviors & Features

Detect and mitigate CVE-2021-41232 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →