Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepts redirect argument and it allowed redirect to untrusted external URls. This behaviour can be used by malicious actors for phishing. This vulnerability is fixed in 15.26.0 and 14.74.0.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-05-09T14:25:25.979Z
Updated: 2024-08-02T02:43:00.126Z
Reserved: 2024-04-30T06:56:33.382Z
Link: CVE-2024-34074
Vulnrichment
Updated: 2024-08-02T02:43:00.126Z
NVD
Status : Awaiting Analysis
Published: 2024-05-14T15:38:27.850
Modified: 2024-11-21T09:18:02.237
Link: CVE-2024-34074
Redhat
No data.