Description
Galette is a membership management web application built for non-profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross-Site Request Forgery (CSRF) attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue.
References (2)
Third Party Advisory (x_refsource_confirm): https://github.com/galette/galette/security/advisories/GHSA-hw28-c7px-xqm5
Patch, Third Party Advisory (x_refsource_misc): https://github.com/galette/galette/commit/a5602bca2566f1be370631c3ab2d40feedd4b3ad
Scores
CVSS v3: 8.2
EPSS: 0.0016
EPSS Percentile: 36.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Details
CWE: CWE-352
Status: published
Products (1)
galette/galette < 0.9.6
Published: Dec 16, 2021
Tracked Since: Feb 18, 2026