{"id":"CVE-2019-14965","details":"An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists.","modified":"2026-07-08T16:07:37.770895Z","published":"2019-08-12T18:15:12.113Z","references":[{"type":"ADVISORY","url":"https://github.com/frappe/frappe/pull/8046"},{"type":"ADVISORY","url":"https://github.com/frappe/frappe/releases/tag/v12.0.4"},{"type":"FIX","url":"https://github.com/frappe/frappe/compare/v12.0.3...v12.0.4"},{"type":"FIX","url":"https://github.com/frappe/frappe/pull/8044"},{"type":"FIX","url":"https://github.com/frappe/frappe/pull/8045"},{"type":"FIX","url":"https://github.com/frappe/frappe/pull/8047"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/frappe/frappe","events":[{"introduced":"ad1d894685184484fc8ac0a7ad46831b1ee6130c"},{"fixed":"0de729ff3dc01a2140c16e8d6eaa9a489c85e3d1"}],"database_specific":{"source":["CPE_RANGE","REFERENCES"],"extracted_events":[{"introduced":"10.0.0"},{"fixed":"12.0.4"}],"cpe":"cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*"}}],"versions":["v12.0.3","v12.0.2","v12.0.1","v12.0.0","12.0.0","v11.0.0-beta","v10.0.3","v10.0.2","v10.0.1","v10.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14965.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}