GCVE - cpe:2.3:a:frappe:frappe:15.0.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:frappe:frappe:15.0.0:*:*:*:*:*:*:*

part: a version: 15.0.0 update: *

Vendor	Frappe (`a51f8b94-1fb6-5e30-97d7-fbeb544c71ba`)
Product	Frappe (`8a44176d-533c-53c6-aaf4-17dd3ac01c2a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/frappe/frappe`	purl2cpe	2026-06-01 10:17:00.332469

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-27105`	vulnerable	2026-06-03 14:55:16.621705	Frappe File Permissions can by bypassed using certain endpoints HIGH (8.1) Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available. Published: 2024-03-20T18:11:58.069Z Updated: 2024-08-02T17:38:02.805Z Open on db.gcve.eu Reference links https://github.com/frappe/frappe/security/advisories/GHSA-hq5v-q29v-7rcw	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.