CNNVD-202506-3784 Information
CNNVD ID
CNNVD-202506-3784
Related CVE
- CNNVD Published: 2025-06-30
Description (Chinese)
Frappe Technologies Frappe是印度Frappe Technologies公司的一个基于Python、Mariadb的并集成前端页面的Web开发框架。 Frappe Technologies Frappe 14.94.3之前版本和15.58.0之前版本存在信息泄露漏洞,该漏洞源于特制请求可能导致密码重置令牌泄露。
Description (English)
Frappe Technologys Frappe is a Web development framework based on Python, Mariadb and integrated front-end pages of Frappe Technologys India. There was a leak in previous versions of Frappe Technologies 14.94.3 and 15.58.0, which resulted from a special request that could lead to the disclosure of the password reset token.
Hazard Level
Low
Vulnerability Type
信息泄露
Affected Vendor
Frappe Technologies
Published
2025-06-30
Last Modified
2026-02-24
References
https://github.com/frappe/frappe/security/advisories/GHSA-p284-r7rh-wq7j https://github.com/frappe/frappe/commit/52e31337a6c964189c8b883a2f7bc3a28ab374f2 https://github.com/frappe/frappe/commit/5b4849b1ab5fd796b306312745b4e202b0e90d66 https://github.com/frappe/frappe/pull/31522 https://access.redhat.com/security/cve/cve-2025-52898
Patch
https://github.com/frappe/frappe/releases
Share on: