GHSA-qrv3-jc3h-f3m6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qrv3-jc3h-f3m6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-qrv3-jc3h-f3m6/GHSA-qrv3-jc3h-f3m6.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qrv3-jc3h-f3m6
- Aliases
-
- CVE-2025-30214
- Published
- 2025-03-25T16:40:10Z
- Modified
- 2025-03-25T17:16:31.813323Z
- Severity
-
- 8.0 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- Frappe vulnerable to information disclosure leading to account takeover
- Details
-
Impact
Making crafted requests could lead to information disclosure that could further lead to account takeover.
Workarounds
There's no workaround to fix this without upgrading.
Credits
Thanks to Thanh of Calif.io for reporting the issue
- Database specific
{ "nvd_published_at": "2025-03-25T15:15:26Z", "cwe_ids": [ "CWE-200" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2025-03-25T16:40:10Z" }- References
Affected packages
PyPI / frappe
Package
- Name
- frappe
- View open source insights on deps.dev
- Purl
- pkg:pypi/frappe
PyPI / frappe
Package
- Name
- frappe
- View open source insights on deps.dev
- Purl
- pkg:pypi/frappe