CVE-2023-41328

Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*
cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*

History

11 Sep 2023, 18:05

Type Values Removed Values Added
First Time Frappe
Frappe frappe
CPE cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References (MISC) https://github.com/frappe/frappe/releases/tag/v13.46.1 - (MISC) https://github.com/frappe/frappe/releases/tag/v13.46.1 - Third Party Advisory
References (MISC) https://github.com/frappe/frappe/releases/tag/v14.20.0 - (MISC) https://github.com/frappe/frappe/releases/tag/v14.20.0 - Third Party Advisory
References (MISC) https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679 - (MISC) https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679 - Third Party Advisory

06 Sep 2023, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-06 18:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-41328

Mitre link : CVE-2023-41328

CVE.ORG link : CVE-2023-41328


JSON object : View

Products Affected

frappe

  • frappe
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')