Описание
Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an upgrade is required.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 14.91.0 (исключая)Версия от 15.0.0 (включая) до 15.52.0 (исключая)
Одно из
cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*
cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00719
Низкий
8.8 High
CVSS3
Дефекты
CWE-20
NVD-CWE-noinfo
Связанные уязвимости
github
11 месяцев назад
Frappe has Possibility of Remote Code Execution due to improper validation
EPSS
Процентиль: 72%
0.00719
Низкий
8.8 High
CVSS3
Дефекты
CWE-20
NVD-CWE-noinfo