CVE-2024-34074
6.1MEDIUMFrappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepts redirect argument and it allowed redirect to untrusted external URls. This behaviour can be used
Publicado: 5/14/2024Atualizado: 8/4/2025
Descrição
Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepts redirect argument and it allowed redirect to untrusted external URls. This behaviour can be used by malicious actors for phishing. This vulnerability is fixed in 15.26.0 and 14.74.0.
Análise IADesenvolvido por IA
Produtos Afetados
frappefrappe
frappefrappe
Referências
- https://github.com/frappe/frappe/commit/65b3c42635038cdff17d3109be6c373bac004829Patch
- https://github.com/frappe/frappe/pull/26304Issue TrackingPatch
- https://github.com/frappe/frappe/security/advisories/GHSA-7g27-q225-j894Vendor Advisory
- https://github.com/frappe/frappe/commit/65b3c42635038cdff17d3109be6c373bac004829Patch
- https://github.com/frappe/frappe/pull/26304Issue TrackingPatch
- https://github.com/frappe/frappe/security/advisories/GHSA-7g27-q225-j894Vendor Advisory