Описание
Frappe has possibility of SQL injection due to improper validations
Impact
SQL injection could be achieved via a specially crafted request, which could allow malicious person to gain access to sensitive information.
Workarounds
Upgrading is required, no other workaround is present.
Пакеты
Наименование
frappe
pip
Затронутые версииВерсия исправления
< 14.93.2
14.93.2
Наименование
frappe
pip
Затронутые версииВерсия исправления
>= 15.0.0, < 15.55.0
15.55.0
Связанные уязвимости
CVSS3: 7.5
nvd
11 месяцев назад
Frappe is a full-stack web application framework. Prior to versions 14.93.2 and 15.55.0, a SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information. Versions 14.93.2 and 15.55.0 contain a patch for the issue. No known workarounds are available.