← voltar
CVE-2023-41328

Possibility limited SQL injection due to insufficient validation in Frappe

CVSS 4.2 MEDIUMEPSS 0.4%CWE-89
Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Produtos afetados
frappe · frappe

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/frappe/frappe/releases/tag/v13.46.1https://github.com/frappe/frappe/releases/tag/v14.20.0https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679