CNNVD-202512-030 Information
Dec 01, 2025
cve
CNNVD ID
CNNVD-202512-030
Related CVE
- CNNVD Published: 2025-12-01
Description (Chinese)
Frappe Technologies Frappe是印度Frappe Technologies公司的一款基于Python和JavaScript的元数据驱动的全栈Web应用程序框架。 Frappe Technologies Frappe 15.86.0之前版本和14.99.2之前版本存在路径遍历漏洞,该漏洞源于路径遍历攻击,可能导致服务器文件泄露。
Description (English)
Frappe Technologies Frappe is an all-house Web application framework based on metadata driven by Python and JavaScript by Frappe Technologies of India. There is a loophole in the path before Frappe Technologies 15.86.0 and before 14.99.2, which stems from the path attack and could lead to the disclosure of server documents.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
Frappe Technologies
Published
2025-12-01
Last Modified
2026-02-24
References
https://github.com/frappe/frappe/security/advisories/GHSA-v4wg-gqfr-rpjm
Patch
https://github.com/frappe/frappe/releases
Share on: