Описание
Frappe has possibility of SQL injection due to improper validations
Impact
An SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information.
Workarounds
Upgrading is required, no other workaround is present.
Credits
Thanks to Thanh of Calif.io for reporting the issue
Пакеты
Наименование
frappe
pip
Затронутые версииВерсия исправления
< 14.89.0
14.89.0
Наименование
frappe
pip
Затронутые версииВерсия исправления
>= 15.0.0, < 15.51.0
15.51.0
Связанные уязвимости
CVSS3: 7.5
nvd
11 месяцев назад
Frappe is a full-stack web application framework. An SQL Injection vulnerability has been identified in Frappe Framework prior to versions 14.89.0 and 15.51.0 which could allow a malicious actor to access sensitive information. Versions 14.89.0 and 15.51.0 fix the issue. Upgrading is required; no other workaround is present.