ERPNext Security Bulletin
This security bulletin contains detailed information about vulnerabilities affecting the Frappe Framework and ERPNext.
Disclaimer
- The listed vulnerabilities and exploits have been patched in all currently supported versions of Frappe.
- The list is to be considered as a comprehensive compendium of all the vulnerabilities and exploits.
- The disclosure of any valid reported issue will take place after 60 days from the reporting period.
- If any of the issues fixed haven't been added to the list, please contact us regarding the same.
- If you find any vulnerability or exploit in the system that needs to be fixed, please report it to us.

| Reference | Reported By | Affected Applications | Severity |
|---|---|---|---|
| CVE-2020-27508 | Sayed Redha Shubber | Frappe V12 and V13 | Critical |
| CVE-2020-35175 | Mart Gil Robles | Frappe | Critical |
| CVE-2019-20529 | Sayed Redha Shubber | Frappe v11, Frappe v12 | Critical |
| CVE-2019-14967 | Netsparker | Frappe Framework | Moderate |
| CVE-2019-14965 | Eugene Kolodenker | Frappe, ERPNext | Moderate |
| CVE-2019-14966 | Eugene Kolodenker | Frappe, ERPNext | Critical |
| CVE-2019-7532 | Mikhail Klyuchnikov | Frappe v12 | Moderate |
| CVE-2019-7528 | Mikhail Klyuchnikov | Frappe v12, ERPNext v12 | Moderate |
| CVE-2019-7530 | Mikhail Klyuchnikov | Frappe v12, ERPNext v12 | Important |
| CVE-2019-7533 | Mikhail Klyuchnikov | Frappe v12 | Critical |
| CVE-2019-7531 | Brian Hyde | Frappe v11 | Important |
| CVE-2019-7529 | Anonymous | Frappe v10 | Moderate |
| CVE-2019-7534 | Brian Hyde | Frappe v10 | Moderate |
| CVE-2019-7527 | Kent Bayron | Frappe v10, ERPNext v10 | Moderate |
| CVE-2018-20207 | felixvarghese | Frappe v10 | Moderate |