3 matches found
CVE-2019-20529
In core/doctype/preparedreport/preparedreport.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files...
EUVD-2019-11069
Malware in sbrugna...
Frappe has Possibility of Remote Code Execution due to improper validation
Impact: A system user was able to create certain documents in a specific way that could lead to RCE. Workarounds: There's no workaround, an upgrade is required. Credits: Thanks to Thanh of Calif.io for reporting the issue...