Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepts redirect argument and it allowed redirect to untrusted external URls. This behaviour can be used by malicious actors for phishing. This vulnerability is fixed in 15.26.0 and 14.74.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-05-09T14:25:25.979Z

Updated: 2024-08-02T02:43:00.126Z

Reserved: 2024-04-30T06:56:33.382Z

Link: CVE-2024-34074

cve-icon Vulnrichment

Updated: 2024-08-02T02:43:00.126Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-14T15:38:27.850

Modified: 2024-11-21T09:18:02.237

Link: CVE-2024-34074

cve-icon Redhat

No data.