Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading.
References
Link | Resource |
---|---|
https://github.com/frappe/frappe/releases/tag/v13.46.1 | Third Party Advisory |
https://github.com/frappe/frappe/releases/tag/v14.20.0 | Third Party Advisory |
https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679 | Third Party Advisory |
https://github.com/frappe/frappe/releases/tag/v13.46.1 | Third Party Advisory |
https://github.com/frappe/frappe/releases/tag/v14.20.0 | Third Party Advisory |
https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/frappe/frappe/releases/tag/v13.46.1 - Third Party Advisory | |
References | () https://github.com/frappe/frappe/releases/tag/v14.20.0 - Third Party Advisory | |
References | () https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.2 |
11 Sep 2023, 18:05
Type | Values Removed | Values Added |
---|---|---|
First Time |
Frappe
Frappe frappe |
|
CPE | cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://github.com/frappe/frappe/releases/tag/v13.46.1 - Third Party Advisory | |
References | (MISC) https://github.com/frappe/frappe/releases/tag/v14.20.0 - Third Party Advisory | |
References | (MISC) https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679 - Third Party Advisory |
06 Sep 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-06 18:15
Updated : 2024-11-21 08:21
NVD link : CVE-2023-41328
Mitre link : CVE-2023-41328
CVE.ORG link : CVE-2023-41328
JSON object : View
Products Affected
frappe
- frappe
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')