PT-2019-13899 · Frappe · Frappe Framework
Publicado
2019-08-12
·
Atualizado
2020-08-24
·
CVE-2019-14965
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Frappe Framework versions 10 through 12 before 12.0.4
Description
A server-side template injection issue exists. This issue allows for the injection of templates on the server side, potentially leading to unauthorized access or data manipulation.
Recommendations
For Frappe Framework versions 10 through 12 before 12.0.4, update to version 12.0.4 or later to resolve the issue.
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Frappe Framework