Unrated severity · NVD Advisory · Published May 9, 2024 · Updated Aug 2, 2024
Frappe vulnerable to an open redirect on login page
CVE-2024-34074
Description
Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepted a redirect argument and allowed redirects to untrusted external URLs. This behaviour can be used by malicious actors for phishing. This vulnerability is fixed in 15.26.0 and 14.74.0.
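A server-side check of the kind that closes this class of bug, as an added example (not Frappe's patch and not code from the advisory): the post-login target is accepted only if it is a same-site path or an absolute URL on the site's own origin. `SITE_ORIGIN`, `DEFAULT_TARGET` and `safe_redirect` are hypothetical names, and the hostnames are constructed.

```python
from urllib.parse import urlsplit

# Assumptions for this example: constructed origin and landing page.
SITE_ORIGIN = "https://erp.example.com"
DEFAULT_TARGET = "/app"


def safe_redirect(target, site_origin=SITE_ORIGIN, default=DEFAULT_TARGET):
    """Return target if it stays on site_origin, otherwise default."""
    if not target or target != target.strip():
        return default
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs, so
    # reject such input outright instead of trying to normalise it.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: allow only a single-slash absolute path.
        # "//host" and "///host" are refused here.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default
    # Absolute or scheme-relative URL: scheme and host[:port] must both
    # match the site's own. Userinfo tricks ("site@evil") change netloc
    # and therefore fail the comparison.
    site = urlsplit(site_origin)
    if (parts.scheme, parts.netloc.lower()) == (site.scheme, site.netloc.lower()):
        return target
    return default


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["/app/todo?x=1", "https://erp.example.com/app",
                   "https://evil.example/login", "//evil.example/",
                   "/\\evil.example", "https://erp.example.com@evil.example/",
                   "javascript:alert(1)"]:
        print(f"{sample!r:45} -> {safe_redirect(sample)!r}")
```
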
References
- github.com/frappe/frappe/commit/65b3c42635038cdff17d3109be6c373bac004829 (mitre, x_refsource_MISC)
- github.com/frappe/frappe/pull/26304 (mitre, x_refsource_MISC)
- github.com/frappe/frappe/security/advisories/GHSA-7g27-q225-j894 (mitre, x_refsource_CONFIRM)