2026-03-11 18:32:04
GitHub_M
PUBLISHED
Frappe is a full-stack web application framework. Prior to 14.100.1, 15.100.0, and 16.6.0, a malicious user could send a crafted request to an endpoint which would lead to the server making an HTTP call to a service of the users choice. This vulnerability is fixed in 14.100.1, 15.100.0, and 16.6.0.