ГлавнаяУязвимости → CVE-2026-31877
9.8критическая

CVE-2026-31877

Описание

Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. This vulnerability is fixed in 15.84.0 and 14.99.0.

Затрагиваемое ПО
Frappe Frappe
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/frappe/frappe/security/advisories/GHSA-2c4m-999q-xhx4