CVE-2022-41712

Source
https://cve.org/CVERecord?id=CVE-2022-41712
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41712.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41712
Published
2022-11-25T00:00:00Z
Modified
2026-07-15T01:48:51.138565910Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41712.json",
    "cna_assigner": "Fluid Attacks"
}
References

Affected packages

Git / github.com/frappe/frappe

Affected ranges

Type
GIT
Repo
https://github.com/frappe/frappe
Events
Database specific
{
    "cpe": "cpe:2.3:a:frappe:frappe:14.10.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "14.10.0"
        },
        {
            "last_affected": "14.10.0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_STRING"
    ]
}

Affected versions

14.*
14.10.0
v14.*
v14.10.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41712.json"