Description
Frappe has Possibility of Remote Code Execution due to improper validation
Impact
A system user was able to create certain documents in a specific way that could lead to RCE.
Workarounds
There's no workaround, an upgrade is required.
Credits
Thanks to Thanh of Calif.io for reporting the issue.
Packages
Name: frappe (pip)
Affected versions: < 14.91.0
Fixed version: 14.91.0
Name: frappe (pip)
Affected versions: >= 15.0.0, < 15.52.0
Fixed version: 15.52.0
Related vulnerabilities
CVSS3: 8.8
nvd
11 months ago
Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an upgrade is required.