漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Frappe has Possibility of Remote Code Execution due to improper validation
Vulnerability Description
Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an upgrade is required.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Frappe Technologies Frappe Framework 输入验证错误漏洞
Vulnerability Description
Frappe Technologies Frappe Framework是印度Frappe Technologies公司的一款基于Python和JavaScript的元数据驱动的全栈Web应用程序框架。 Frappe Technologies Frappe Framework 14.91.0和15.52.0之前版本存在输入验证错误漏洞,该漏洞源于系统用户以特定方式创建文档可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A