Vulnerability Description
Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Frappe | Frappe | < 13.46.1 |
Related Weaknesses (CWE)
References
- https://github.com/frappe/frappe/releases/tag/v13.46.1Third Party Advisory
- https://github.com/frappe/frappe/releases/tag/v14.20.0Third Party Advisory
- https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679Third Party Advisory
- https://github.com/frappe/frappe/releases/tag/v13.46.1Third Party Advisory
- https://github.com/frappe/frappe/releases/tag/v14.20.0Third Party Advisory
- https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679Third Party Advisory
FAQ
What is CVE-2023-41328?
CVE-2023-41328 is a vulnerability with a CVSS score of 4.2 (MEDIUM). Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive i...
How severe is CVE-2023-41328?
CVE-2023-41328 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-41328?
Check the references section above for vendor advisories and patch information. Affected products include: Frappe Frappe.