0X.Hamy.1

**Name of the Vulnerable Software and Affected Versions** Frappe Learning versions prior to 2.38.0 **Description** Frappe Learning is a learning system used to structure content. Prior to version 2.38.0, student-uploaded assignment attachments were stored as public files, potentially exposing them to unauthorized access. Anyone possessing the file URL could access these files without authentication. **Recommendations** Update to version 2.38.0 or later to ensure student-uploaded assignment attachments are stored as private files by default.