Houssam Drissi

#15466 of 53,635
17.5 Total CVSS
Vulnerabilities · 2
High · 2
PT-2025-27459
8.7
2025-06-30
Frappe · Frappe · CVE-2025-52895
Name of the Vulnerable Software and Affected Versions:
Frappe versions prior to 14.94.3
Frappe versions prior to 15.58.0
Description: A SQL injection vulnerability could be exploited via a specially crafted request, potentially allowing malicious individuals to gain access to sensitive information.
Recommendations:
For versions prior to 14.94.3, upgrade to version 14.94.3 or later.
For versions prior to 15.58.0, upgrade to version 15.58.0 or later.
PT-2025-27461
8.8
2025-06-30
Frappe · Frappe · CVE-2025-52898
Name of the Vulnerable Software and Affected Versions:
Frappe versions prior to 14.94.3
Frappe versions prior to 15.58.0
Description: A carefully crafted request could lead to a malicious actor getting access to a user's password reset token. This issue can only be exploited on self-hosted instances configured in a certain way. Frappe Cloud users are not affected.
Recommendations:
For self-hosted users, upgrade to version 14.94.3 or later.
For self-hosted users, upgrade to version 15.58.0 or later.
As a temporary workaround, consider verifying password reset URLs before clicking on them.