Frappe Press Email Flooding Vulnerability

Vulnerability

A vulnerability in the Frappe Press custom application, which manages various aspects of Frappe Cloud, has been identified. This issue allows a bad actor to flood a user's inbox by repeatedly sending duplicate invites. The vulnerability arises from a lack of proper validation and rate limits on the invitation system, enabling the abuse of invite functionality to disrupt user experience.

Impact

Exploitation of this vulnerability can lead to email flooding, causing disruption and inconvenience to users by overwhelming their inboxes with repeated invitation requests.

Remediation

Users can update to version 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615 to address this vulnerability.
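An added example of the two controls the advisory names as missing, duplicate-invite validation and a rate limit on invitations. It is not code from Frappe Press or from the fix referenced above; the `InviteGate` class, its limits and its in-memory storage are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class InviteGate:
    """Decides whether an invitation e-mail may be sent.

    Hypothetical helper: name, limits and in-memory storage are assumptions.
    """

    def __init__(self, max_per_window=5, window_seconds=3600, resend_cooldown=900):
        self.max_per_window = max_per_window
        self.window_seconds = window_seconds
        self.resend_cooldown = resend_cooldown
        self._pending = {}               # (team, recipient) -> time of last invite
        self._sent = defaultdict(deque)  # inviter -> send times inside the window

    @staticmethod
    def _normalize(email):
        # Case and surrounding whitespace must not defeat the duplicate check.
        return email.strip().lower()

    def check(self, inviter, team, recipient, now=None):
        """Return (allowed, reason) and record the invite when it is allowed."""
        now = time.time() if now is None else now
        key = (team, self._normalize(recipient))

        # Validation: one pending invite per team and recipient until the cooldown passes.
        last = self._pending.get(key)
        if last is not None and now - last < self.resend_cooldown:
            return False, "duplicate"

        # Rate limit: sliding window over invites sent by this inviter.
        sent = self._sent[inviter]
        while sent and now - sent[0] >= self.window_seconds:
            sent.popleft()
        if len(sent) >= self.max_per_window:
            return False, "rate_limited"

        sent.append(now)
        self._pending[key] = now
        return True, "ok"

    def accept(self, team, recipient):
        # An accepted invite is no longer pending, so a later invite is not a duplicate.
        self._pending.pop((team, self._normalize(recipient)), None)
```

A production deployment would keep both maps in shared storage such as the application's database or cache so the limits hold across workers and restarts.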

Added: Sep 18, 2025, 4:09 PM
Updated: Sep 18, 2025, 4:09 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.1
remediation: 0.0
relevance: 0.5
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.