CVE-2024-34074
6.1MEDIUMFrappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepts redirect argument and it allowed redirect to untrusted external URls. This behaviour can be used
게시됨: 5/14/2024업데이트됨: 8/4/2025
설명
Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepts redirect argument and it allowed redirect to untrusted external URls. This behaviour can be used by malicious actors for phishing. This vulnerability is fixed in 15.26.0 and 14.74.0.
AI 분석AI 기반
영향받는 제품
frappefrappe
frappefrappe
참조
- https://github.com/frappe/frappe/commit/65b3c42635038cdff17d3109be6c373bac004829Patch
- https://github.com/frappe/frappe/pull/26304Issue TrackingPatch
- https://github.com/frappe/frappe/security/advisories/GHSA-7g27-q225-j894Vendor Advisory
- https://github.com/frappe/frappe/commit/65b3c42635038cdff17d3109be6c373bac004829Patch
- https://github.com/frappe/frappe/pull/26304Issue TrackingPatch
- https://github.com/frappe/frappe/security/advisories/GHSA-7g27-q225-j894Vendor Advisory