CNNVD-202601-808 Information

CNNVD ID

CNNVD-202601-808

CVE-2025-68953

  • CNNVD Published: 2026-01-05

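Description (translated from Chinese)

Frappe Technologies Frappe is a web development framework from Frappe Technologies (India), based on Python and MariaDB, with integrated front-end pages. Frappe Technologies Frappe versions 14.99.5 and earlier, and versions 15.0.0 through 15.80.1, contain a path traversal vulnerability. The vulnerability stems from a lack of proper sanitization of certain requests, which may lead to path traversal attacks.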

Description (English)

Frappe Technologies Frappe is a web development framework from Frappe Technologies (India), based on Python and MariaDB, with integrated front-end pages. Frappe versions 14.99.5 and earlier, and versions 15.0.0 through 15.80.1, contain a path traversal vulnerability, which stems from a lack of proper sanitization of certain requests and may lead to path traversal attacks.

Hazard Level

Medium

Vulnerability Type

Path Traversal

Affected Vendor

Frappe Technologies

Published

2026-01-05

Last Modified

2026-02-24

References

  • https://github.com/frappe/frappe/commit/3867fb112c3f7be1a863e40f19e9235719f784fb
  • https://github.com/frappe/frappe/commit/959efd6a498cfaeaf7d4e0ab6cca78c36192d34d
  • https://github.com/frappe/frappe/security/advisories/GHSA-xj39-3g4p-f46v

Patch

https://frappe.io/framework