Safety vulnerability ID: 61995
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Frappe 14.49.0 includes a fix for CVE-2023-46127: A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection.
https://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98
Latest version: 0.0.1
Frappe placeholder package
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client-side library. A malicious Frappe user with desk access could create documents containing HTML payloads, allowing HTML injection. This vulnerability has been patched in version 14.49.0. See CVE-2023-46127.
MISC: https://github.com/frappe/frappe/commit/3dc5d2fcc7561dde181ba953009fe6e39d64e900
MISC: https://github.com/frappe/frappe/pull/22339
MISC: https://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98