Yeuchimse

**Name of the Vulnerable Software and Affected Versions** Frappe Framework versions prior to 14.89.0 Frappe Framework versions prior to 15.51.0 **Description** A security issue has been identified in the Frappe Framework, which is a full-stack web application framework. The issue is related to SQL Injection, allowing a malicious actor to access sensitive information. **Recommendations** For versions prior to 14.89.0, upgrade to version 14.89.0 or later to resolve the issue. For versions prior to 15.51.0, upgrade to version 15.51.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Frappe versions prior to 14.91.0 and prior to 15.52.0 **Description** Frappe is a full-stack web application framework. A system user could create specific documents in a manner that allows for remote code execution. **Recommendations** Frappe versions prior to 14.91.0 must be upgraded to version 14.91.0 or later. Frappe versions prior to 15.52.0 must be upgraded to version 15.52.0 or later.

**Name of the Vulnerable Software and Affected Versions** Frappe versions prior to 14.89.0 Frappe versions prior to 15.51.0 **Description** The issue allows for information disclosure through crafted requests, potentially leading to account takeover. **Recommendations** For versions prior to 14.89.0, update to version 14.89.0 or later. For versions prior to 15.51.0, update to version 15.51.0 or later. At the moment, there is no information about other workarounds that can fix this issue without upgrading.