Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading.
References
Link | Resource |
---|---|
https://github.com/frappe/frappe/releases/tag/v13.46.1 | Third Party Advisory |
https://github.com/frappe/frappe/releases/tag/v14.20.0 | Third Party Advisory |
https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-09-06T17:46:45.689Z
Updated: 2023-09-06T17:46:45.689Z
Reserved: 2023-08-28T16:56:43.366Z
Link: CVE-2023-41328
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-09-06T18:15:09.047
Modified: 2023-09-11T18:05:46.093
Link: CVE-2023-41328
JSON object: View
Redhat Information
No data.
CWE