CVE-2026-31878
Published
CVSS v3
5
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
Frappe is a full-stack web application framework. Prior to 14.100.1, 15.100.0, and 16.6.0, a malicious user could send a crafted request to an endpoint which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 14.100.1, 15.100.0, and 16.6.0.
Low code web framework for real world applications, in Python and Javascript
GitHub