Описание
Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 13.46.1 (исключая)Версия от 14.0.0 (включая) до 14.20.0 (исключая)
Одно из
cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*
cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00195
Низкий
4.2 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-89
EPSS
Процентиль: 41%
0.00195
Низкий
4.2 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-89