CVE-2024-24813

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-24813

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24813.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-24813

Aliases

GHSA-fxfv-7gwx-54jh

Published

2024-03-20T18:11:34.165Z

Modified

2026-04-10T05:09:53.933853Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Frappe SQL Injection from reporting logic

Details

Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workarounds are available.

Database specific

{
    "cwe_ids": [
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24813.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/frappe/frappe

Affected ranges

Type: GIT
Repo: https://github.com/frappe/frappe
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6d8fbacf9906f52d28e6f7e94157031fa659a00a

Affected versions

12.*

12.0.0

4.*

4.0.0

4.0.0-beta1

v10.*

v10.0.0

v10.0.1

v10.0.2

v10.0.3

v11.*

v11.0.0-beta

v12.*

v12.0.0

v12.0.1

v12.0.10

v12.0.11

v12.0.12

v12.0.13

v12.0.14

v12.0.15

v12.0.16

v12.0.2

v12.0.3

v12.0.4

v12.0.5

v12.0.6

v12.0.7

v12.0.8

v12.0.9

v14.*

v14.0.0

v14.0.1

v14.0.2

v14.1.0

v14.10.0

v14.11.0

v14.11.1

v14.12.0

v14.13.0

v14.14.0

v14.14.1

v14.14.2

v14.14.3

v14.15.0

v14.16.0

v14.17.0

v14.17.1

v14.18.0

v14.18.1

v14.19.0

v14.19.1

v14.2.0

v14.20.0

v14.21.0

v14.21.1

v14.22.0

v14.22.1

v14.23.0

v14.24.0

v14.25.0

v14.25.1

v14.25.2

v14.25.3

v14.25.4

v14.26.0

v14.26.1

v14.26.2

v14.26.3

v14.26.4

v14.27.0

v14.28.0

v14.28.1

v14.28.2

v14.29.0

v14.29.1

v14.29.2

v14.3.0

v14.30.0

v14.31.0

v14.32.0

v14.32.1

v14.33.0

v14.33.1

v14.34.0

v14.35.0

v14.36.0

v14.36.1

v14.36.2

v14.36.3

v14.37.0

v14.37.1

v14.38.0

v14.38.1

v14.38.2

v14.38.3

v14.39.0

v14.4.0

v14.4.1

v14.4.2

v14.4.3

v14.40.0

v14.40.1

v14.40.2

v14.40.3

v14.41.0

v14.42.0

v14.43.0

v14.43.1

v14.44.0

v14.45.0

v14.46.0

v14.47.0

v14.47.1

v14.47.2

v14.48.0

v14.48.1

v14.49.0

v14.5.0

v14.50.0

v14.51.0

v14.52.0

v14.52.1

v14.52.2

v14.53.0

v14.53.1

v14.53.2

v14.54.0

v14.54.1

v14.55.0

v14.55.1

v14.56.0

v14.56.1

v14.57.0

v14.58.0

v14.59.0

v14.6.0

v14.60.0

v14.61.0

v14.62.0

v14.62.1

v14.62.2

v14.62.3

v14.62.4

v14.63.0

v14.7.0

v14.8.0

v14.9.0

v3.*

v3.1.0

v3.1.1

Other

v4-beta2

v4.*

v4.0.1

v4.10.0

v4.10.1

v4.10.2

v4.11.0

v4.11.1

v4.11.2

v4.11.3

v4.11.4

v4.12.0

v4.12.1

v4.12.2

v4.13.0

v4.13.1

v4.13.2

v4.13.3

v4.13.4

v4.13.5

v4.13.6

v4.14.0

v4.14.1

v4.14.2

v4.14.3

v4.3.0

v4.4.0

v4.4.1

v4.4.2

v4.4.3

v4.4.4

v4.4.5

v4.4.6

v4.5.0

v4.5.1

v4.5.2

v4.5.3

v4.5.4

v4.5.5

v4.5.6

v4.5.7

v4.5.8

v4.5.9

v4.6.0

v4.6.1

v4.7.0

v4.7.1

v4.8.0

v4.9.0

v4.9.1

v4.9.2

v4.9.3

v5.*

v5.0.0

v5.0.1

v5.0.10

v5.0.11

v5.0.12

v5.0.13

v5.0.14

v5.0.15

v5.0.16

v5.0.17

v5.0.18

v5.0.19

v5.0.2

v5.0.20

v5.0.21

v5.0.22

v5.0.23

v5.0.24

v5.0.25

v5.0.26

v5.0.27

v5.0.28

v5.0.29

v5.0.3

v5.0.30

v5.0.31

v5.0.32

v5.0.33

v5.0.34

v5.0.35

v5.0.4

v5.0.5

v5.0.6

v5.0.7

v5.0.8

v5.0.9

v5.1.0

v5.1.1

v5.1.2

v5.1.3

v5.1.4

v5.1.5

v5.2.0

v5.2.1

v5.2.2

v5.3.0

v5.3.1

v5.4.0

v5.4.1

v5.4.2

v6.*

v6.0.0

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.7

v6.0.8

v6.1.0

v6.1.1

v6.1.2

v6.10.0

v6.10.1

v6.10.2

v6.10.3

v6.10.4

v6.11.0

v6.12.0

v6.12.1

v6.12.2

v6.12.3

v6.12.4

v6.13.0

v6.13.1

v6.13.2

v6.13.3

v6.13.4

v6.13.5

v6.14.0

v6.14.1

v6.15.0

v6.15.1

v6.15.2

v6.15.3

v6.15.4

v6.16.0

v6.16.1

v6.16.2

v6.16.3

v6.16.4

v6.17.0

v6.17.1

v6.17.2

v6.17.3

v6.17.4

v6.17.5

v6.17.6

v6.18.0

v6.18.1

v6.19.0

v6.19.1

v6.19.2

v6.19.3

v6.2.0

v6.20.0

v6.20.1

v6.20.2

v6.21.0

v6.22.0

v6.22.1

v6.22.2

v6.22.3

v6.22.4

v6.22.5

v6.22.6

v6.22.7

v6.23.0

v6.23.1

v6.23.2

v6.23.3

v6.24.0

v6.24.1

v6.24.10

v6.24.2

v6.24.3

v6.24.4

v6.24.5

v6.24.6

v6.24.7

v6.24.8

v6.24.9

v6.25.0

v6.25.1

v6.25.2

v6.25.3

v6.25.4

v6.25.5

v6.25.6

v6.26.0

v6.26.1

v6.26.2

v6.26.3

v6.26.4

v6.26.5

v6.26.6

v6.27.0

v6.27.1

v6.27.10

v6.27.11

v6.27.12

v6.27.13

v6.27.14

v6.27.15

v6.27.16

v6.27.17

v6.27.18

v6.27.19

v6.27.2

v6.27.20

v6.27.21

v6.27.22

v6.27.23

v6.27.24

v6.27.3

v6.27.4

v6.27.5

v6.27.6

v6.27.7

v6.27.8

v6.27.9

v6.3.0

v6.4.0

v6.4.1

v6.4.2

v6.4.3

v6.4.4

v6.4.5

v6.4.6

v6.4.7

v6.4.8

v6.4.9

v6.5.0

v6.5.1

v6.5.2

v6.5.3

v6.5.4

v6.6.0

v6.6.1

v6.6.2

v6.6.3

v6.6.4

v6.6.5

v6.7.0

v6.7.1

v6.7.10

v6.7.11

v6.7.2

v6.7.3

v6.7.4

v6.7.5

v6.7.6

v6.7.7

v6.7.8

v6.7.9

v6.8.0

v6.8.1

v6.8.2

v6.9.0

v6.9.1

v6.9.2

v6.9.3

v7.*

v7.0.0

v7.0.1

v7.0.10

v7.0.11

v7.0.12

v7.0.13

v7.0.14

v7.0.15

v7.0.16

v7.0.17

v7.0.18

v7.0.19

v7.0.2

v7.0.20

v7.0.21

v7.0.22

v7.0.23

v7.0.24

v7.0.25

v7.0.26

v7.0.27

v7.0.28

v7.0.29

v7.0.3

v7.0.30

v7.0.31

v7.0.32

v7.0.33

v7.0.34

v7.0.35

v7.0.36

v7.0.37

v7.0.38

v7.0.39

v7.0.4

v7.0.40

v7.0.41

v7.0.42

v7.0.43

v7.0.44

v7.0.45

v7.0.46

v7.0.47

v7.0.5

v7.0.6

v7.0.7

v7.0.8

v7.0.9

v7.1.0

v7.1.1

v7.1.10

v7.1.11

v7.1.12

v7.1.13

v7.1.14

v7.1.15

v7.1.16

v7.1.17

v7.1.18

v7.1.19

v7.1.2

v7.1.20

v7.1.21

v7.1.22

v7.1.23

v7.1.24

v7.1.25

v7.1.26

v7.1.27

v7.1.28

v7.1.29

v7.1.3

v7.1.4

v7.1.5

v7.1.6

v7.1.7

v7.1.8

v7.1.9

v7.2.0

v7.2.1

v7.2.10

v7.2.11

v7.2.12

v7.2.13

v7.2.14

v7.2.15

v7.2.16

v7.2.17

v7.2.18

v7.2.19

v7.2.2

v7.2.20

v7.2.21

v7.2.22

v7.2.23

v7.2.24

v7.2.25

v7.2.26

v7.2.27

v7.2.28

v7.2.29

v7.2.3

v7.2.30

v7.2.31

v7.2.4

v7.2.5

v7.2.6

v7.2.7

v7.2.8

v7.2.9

v8.*

v8.0.0

v8.0.1

v8.0.10

v8.0.11

v8.0.12

v8.0.13

v8.0.14

v8.0.15

v8.0.16

v8.0.17

v8.0.18

v8.0.19

v8.0.2

v8.0.20

v8.0.21

v8.0.22

v8.0.23

v8.0.24

v8.0.25

v8.0.26

v8.0.27

v8.0.28

v8.0.29

v8.0.3

v8.0.30

v8.0.31

v8.0.32

v8.0.33

v8.0.34

v8.0.35

v8.0.36

v8.0.37

v8.0.38

v8.0.39

v8.0.4

v8.0.40

v8.0.41

v8.0.42

v8.0.43

v8.0.44

v8.0.45

v8.0.46

v8.0.47

v8.0.48

v8.0.49

v8.0.5

v8.0.50

v8.0.51

v8.0.52

v8.0.53

v8.0.54

v8.0.55

v8.0.56

v8.0.57

v8.0.58

v8.0.59

v8.0.6

v8.0.60

v8.0.61

v8.0.62

v8.0.63

v8.0.64

v8.0.65

v8.0.66

v8.0.67

v8.0.68

v8.0.69

v8.0.7

v8.0.70

v8.0.71

v8.0.8

v8.0.9

v8.1.0

v8.1.1

v8.1.2

v8.1.3

v8.1.4

v8.10.0

v8.10.1

v8.10.2

v8.10.3

v8.10.4

v8.10.5

v8.10.6

v8.10.7

v8.10.8

v8.10.9

v8.2.0

v8.2.1

v8.2.2

v8.2.3

v8.2.4

v8.2.5

v8.2.6

v8.2.7

v8.3.0

v8.3.1

v8.3.10

v8.3.2

v8.3.3

v8.3.4

v8.3.5

v8.3.6

v8.3.7

v8.3.8

v8.3.9

v8.4.0

v8.4.1

v8.5.0

v8.5.1

v8.5.2

v8.5.3

v8.5.4

v8.5.5

v8.5.6

v8.5.7

v8.5.8

v8.6.0

v8.6.1

v8.6.2

v8.6.3

v8.6.4

v8.6.5

v8.6.6

v8.6.7

v8.6.8

v8.7.0

v8.7.1

v8.7.10

v8.7.11

v8.7.2

v8.7.3

v8.7.4

v8.7.5

v8.7.6

v8.7.7

v8.7.8

v8.7.9

v8.8.0

v8.8.1

v8.8.2

v8.8.3

v8.8.4

v8.8.5

v8.9.0

v8.9.1

v8.9.2

v8.9.3

v8.9.4

v9.*

v9.0.0

v9.0.1

v9.0.10

v9.0.2

v9.0.3

v9.0.4

v9.0.5

v9.0.6

v9.0.7

v9.0.8

v9.0.9

v9.1.0

v9.1.1

v9.1.10

v9.1.11

v9.1.2

v9.1.3

v9.1.4

v9.1.5

v9.1.6

v9.1.7

v9.1.8

v9.1.9

v9.2.0

v9.2.1

v9.2.10

v9.2.11

v9.2.12

v9.2.13

v9.2.14

v9.2.15

v9.2.16

v9.2.17

v9.2.18

v9.2.19

v9.2.2

v9.2.20

v9.2.21

v9.2.22

v9.2.23

v9.2.24

v9.2.25

v9.2.3

v9.2.4

v9.2.5

v9.2.6

v9.2.7

v9.2.8

v9.2.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24813.json"