CVE-2023-41328

Source
https://cve.org/CVERecord?id=CVE-2023-41328
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41328.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-41328
Aliases
  • GHSA-53wh-f67g-9679
Published
2023-09-06T17:46:45.689Z
Modified
2026-04-10T05:03:10.542957Z
Severity
  • 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Possibility of limited SQL injection due to insufficient validation in Frappe
Details

Frappe is a low-code web framework written in Python and JavaScript. A SQL injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There is no workaround to fix this without upgrading.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/41xxx/CVE-2023-41328.json"
}

Affected packages

Git / github.com/frappe/frappe

Affected ranges

Type
GIT
Repo
https://github.com/frappe/frappe
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "13.46.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/frappe/frappe
Events
Database specific
{
    "versions": [
        {
            "introduced": "14.0.0"
        },
        {
            "fixed": "14.20.0"
        }
    ]
}

Affected versions

12.*
12.0.0
4.*
4.0.0
4.0.0-beta1
v10.*
v10.0.0
v10.0.1
v10.0.2
v10.0.3
v11.*
v11.0.0-beta
v12.*
v12.0.0
v12.0.1
v12.0.10
v12.0.11
v12.0.12
v12.0.13
v12.0.14
v12.0.15
v12.0.16
v12.0.2
v12.0.3
v12.0.4
v12.0.5
v12.0.6
v12.0.7
v12.0.8
v12.0.9
v13.*
v13.0.0
v13.0.0-beta.1
v13.0.1
v13.0.2
v13.0.3
v13.1.0
v13.1.1
v13.1.2
v13.10.0
v13.11.0
v13.12.0
v13.12.1
v13.13.0
v13.14.0
v13.14.1
v13.15.0
v13.16.0
v13.17.0
v13.17.1
v13.18.0
v13.19.0
v13.2.0
v13.2.1
v13.2.2
v13.20.0
v13.20.1
v13.20.2
v13.21.0
v13.22.0
v13.22.1
v13.22.2
v13.23.0
v13.24.0
v13.25.0
v13.26.0
v13.26.1
v13.27.0
v13.28.0
v13.29.0
v13.29.1
v13.29.2
v13.3.0
v13.30.0
v13.31.0
v13.32.0
v13.32.1
v13.32.2
v13.33.0
v13.33.1
v13.34.0
v13.35.0
v13.35.1
v13.35.2
v13.36.0
v13.36.1
v13.36.2
v13.36.3
v13.37.0
v13.37.1
v13.38.0
v13.38.1
v13.39.0
v13.39.1
v13.4.0
v13.4.1
v13.40.0
v13.41.0
v13.41.1
v13.41.2
v13.41.3
v13.41.4
v13.41.5
v13.41.6
v13.41.7
v13.42.0
v13.43.0
v13.43.1
v13.43.2
v13.44.0
v13.45.0
v13.45.1
v13.45.2
v13.45.3
v13.46.0
v13.5.0
v13.5.1
v13.5.2
v13.6.0
v13.7.0
v13.8.0
v13.8.1
v13.9.0
v13.9.1
v14.*
v14.0.0
v14.0.1
v14.0.2
v14.1.0
v14.10.0
v14.11.0
v14.11.1
v14.12.0
v14.13.0
v14.14.0
v14.14.1
v14.14.2
v14.14.3
v14.15.0
v14.16.0
v14.17.0
v14.17.1
v14.18.0
v14.18.1
v14.19.0
v14.19.1
v14.2.0
v14.3.0
v14.4.0
v14.4.1
v14.4.2
v14.4.3
v14.5.0
v14.6.0
v14.7.0
v14.8.0
v14.9.0
v3.*
v3.1.0
v3.1.1
Other
v4-beta2
v4.*
v4.0.1
v4.10.0
v4.10.1
v4.10.2
v4.11.0
v4.11.1
v4.11.2
v4.11.3
v4.11.4
v4.12.0
v4.12.1
v4.12.2
v4.13.0
v4.13.1
v4.13.2
v4.13.3
v4.13.4
v4.13.5
v4.13.6
v4.14.0
v4.14.1
v4.14.2
v4.14.3
v4.3.0
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.5.0
v4.5.1
v4.5.2
v4.5.3
v4.5.4
v4.5.5
v4.5.6
v4.5.7
v4.5.8
v4.5.9
v4.6.0
v4.6.1
v4.7.0
v4.7.1
v4.8.0
v4.9.0
v4.9.1
v4.9.2
v4.9.3
v5.*
v5.0.0
v5.0.1
v5.0.10
v5.0.11
v5.0.12
v5.0.13
v5.0.14
v5.0.15
v5.0.16
v5.0.17
v5.0.18
v5.0.19
v5.0.2
v5.0.20
v5.0.21
v5.0.22
v5.0.23
v5.0.24
v5.0.25
v5.0.26
v5.0.27
v5.0.28
v5.0.29
v5.0.3
v5.0.30
v5.0.31
v5.0.32
v5.0.33
v5.0.34
v5.0.35
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.2.0
v5.2.1
v5.2.2
v5.3.0
v5.3.1
v5.4.0
v5.4.1
v5.4.2
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.1.0
v6.1.1
v6.1.2
v6.10.0
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.11.0
v6.12.0
v6.12.1
v6.12.2
v6.12.3
v6.12.4
v6.13.0
v6.13.1
v6.13.2
v6.13.3
v6.13.4
v6.13.5
v6.14.0
v6.14.1
v6.15.0
v6.15.1
v6.15.2
v6.15.3
v6.15.4
v6.16.0
v6.16.1
v6.16.2
v6.16.3
v6.16.4
v6.17.0
v6.17.1
v6.17.2
v6.17.3
v6.17.4
v6.17.5
v6.17.6
v6.18.0
v6.18.1
v6.19.0
v6.19.1
v6.19.2
v6.19.3
v6.2.0
v6.20.0
v6.20.1
v6.20.2
v6.21.0
v6.22.0
v6.22.1
v6.22.2
v6.22.3
v6.22.4
v6.22.5
v6.22.6
v6.22.7
v6.23.0
v6.23.1
v6.23.2
v6.23.3
v6.24.0
v6.24.1
v6.24.10
v6.24.2
v6.24.3
v6.24.4
v6.24.5
v6.24.6
v6.24.7
v6.24.8
v6.24.9
v6.25.0
v6.25.1
v6.25.2
v6.25.3
v6.25.4
v6.25.5
v6.25.6
v6.26.0
v6.26.1
v6.26.2
v6.26.3
v6.26.4
v6.26.5
v6.26.6
v6.27.0
v6.27.1
v6.27.10
v6.27.11
v6.27.12
v6.27.13
v6.27.14
v6.27.15
v6.27.16
v6.27.17
v6.27.18
v6.27.19
v6.27.2
v6.27.20
v6.27.21
v6.27.22
v6.27.23
v6.27.24
v6.27.3
v6.27.4
v6.27.5
v6.27.6
v6.27.7
v6.27.8
v6.27.9
v6.3.0
v6.4.0
v6.4.1
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.4.7
v6.4.8
v6.4.9
v6.5.0
v6.5.1
v6.5.2
v6.5.3
v6.5.4
v6.6.0
v6.6.1
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.7.0
v6.7.1
v6.7.10
v6.7.11
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8.0
v6.8.1
v6.8.2
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v7.*
v7.0.0
v7.0.1
v7.0.10
v7.0.11
v7.0.12
v7.0.13
v7.0.14
v7.0.15
v7.0.16
v7.0.17
v7.0.18
v7.0.19
v7.0.2
v7.0.20
v7.0.21
v7.0.22
v7.0.23
v7.0.24
v7.0.25
v7.0.26
v7.0.27
v7.0.28
v7.0.29
v7.0.3
v7.0.30
v7.0.31
v7.0.32
v7.0.33
v7.0.34
v7.0.35
v7.0.36
v7.0.37
v7.0.38
v7.0.39
v7.0.4
v7.0.40
v7.0.41
v7.0.42
v7.0.43
v7.0.44
v7.0.45
v7.0.46
v7.0.47
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.9
v7.1.0
v7.1.1
v7.1.10
v7.1.11
v7.1.12
v7.1.13
v7.1.14
v7.1.15
v7.1.16
v7.1.17
v7.1.18
v7.1.19
v7.1.2
v7.1.20
v7.1.21
v7.1.22
v7.1.23
v7.1.24
v7.1.25
v7.1.26
v7.1.27
v7.1.28
v7.1.29
v7.1.3
v7.1.4
v7.1.5
v7.1.6
v7.1.7
v7.1.8
v7.1.9
v7.2.0
v7.2.1
v7.2.10
v7.2.11
v7.2.12
v7.2.13
v7.2.14
v7.2.15
v7.2.16
v7.2.17
v7.2.18
v7.2.19
v7.2.2
v7.2.20
v7.2.21
v7.2.22
v7.2.23
v7.2.24
v7.2.25
v7.2.26
v7.2.27
v7.2.28
v7.2.29
v7.2.3
v7.2.30
v7.2.31
v7.2.4
v7.2.5
v7.2.6
v7.2.7
v7.2.8
v7.2.9
v8.*
v8.0.0
v8.0.1
v8.0.10
v8.0.11
v8.0.12
v8.0.13
v8.0.14
v8.0.15
v8.0.16
v8.0.17
v8.0.18
v8.0.19
v8.0.2
v8.0.20
v8.0.21
v8.0.22
v8.0.23
v8.0.24
v8.0.25
v8.0.26
v8.0.27
v8.0.28
v8.0.29
v8.0.3
v8.0.30
v8.0.31
v8.0.32
v8.0.33
v8.0.34
v8.0.35
v8.0.36
v8.0.37
v8.0.38
v8.0.39
v8.0.4
v8.0.40
v8.0.41
v8.0.42
v8.0.43
v8.0.44
v8.0.45
v8.0.46
v8.0.47
v8.0.48
v8.0.49
v8.0.5
v8.0.50
v8.0.51
v8.0.52
v8.0.53
v8.0.54
v8.0.55
v8.0.56
v8.0.57
v8.0.58
v8.0.59
v8.0.6
v8.0.60
v8.0.61
v8.0.62
v8.0.63
v8.0.64
v8.0.65
v8.0.66
v8.0.67
v8.0.68
v8.0.69
v8.0.7
v8.0.70
v8.0.71
v8.0.8
v8.0.9
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.1.4
v8.10.0
v8.10.1
v8.10.2
v8.10.3
v8.10.4
v8.10.5
v8.10.6
v8.10.7
v8.10.8
v8.10.9
v8.2.0
v8.2.1
v8.2.2
v8.2.3
v8.2.4
v8.2.5
v8.2.6
v8.2.7
v8.3.0
v8.3.1
v8.3.10
v8.3.2
v8.3.3
v8.3.4
v8.3.5
v8.3.6
v8.3.7
v8.3.8
v8.3.9
v8.4.0
v8.4.1
v8.5.0
v8.5.1
v8.5.2
v8.5.3
v8.5.4
v8.5.5
v8.5.6
v8.5.7
v8.5.8
v8.6.0
v8.6.1
v8.6.2
v8.6.3
v8.6.4
v8.6.5
v8.6.6
v8.6.7
v8.6.8
v8.7.0
v8.7.1
v8.7.10
v8.7.11
v8.7.2
v8.7.3
v8.7.4
v8.7.5
v8.7.6
v8.7.7
v8.7.8
v8.7.9
v8.8.0
v8.8.1
v8.8.2
v8.8.3
v8.8.4
v8.8.5
v8.9.0
v8.9.1
v8.9.2
v8.9.3
v8.9.4
v9.*
v9.0.0
v9.0.1
v9.0.10
v9.0.2
v9.0.3
v9.0.4
v9.0.5
v9.0.6
v9.0.7
v9.0.8
v9.0.9
v9.1.0
v9.1.1
v9.1.10
v9.1.11
v9.1.2
v9.1.3
v9.1.4
v9.1.5
v9.1.6
v9.1.7
v9.1.8
v9.1.9
v9.2.0
v9.2.1
v9.2.10
v9.2.11
v9.2.12
v9.2.13
v9.2.14
v9.2.15
v9.2.16
v9.2.17
v9.2.18
v9.2.19
v9.2.2
v9.2.20
v9.2.21
v9.2.22
v9.2.23
v9.2.24
v9.2.25
v9.2.3
v9.2.4
v9.2.5
v9.2.6
v9.2.7
v9.2.8
v9.2.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41328.json"