CVE-2023-54345 Overview
CVE-2023-54345 is a sandbox escape vulnerability in Frappe Framework ERPNext 13.4.0. The flaw resides in the RestrictedPython sandbox used by the server script feature. Authenticated users with the System Manager role can escape the sandbox by abusing Python frame introspection through the gi_frame attribute. By traversing the call stack, attackers reach unrestricted built-ins and invoke os.popen to run arbitrary system commands. The issue is classified under CWE-94: Improper Control of Generation of Code.
Critical Impact
Authenticated System Manager users can achieve remote code execution on the underlying ERPNext host, leading to full confidentiality, integrity, and availability compromise.
Affected Products
- Frappe ERPNext 13.4.0
- Frappe Framework safe_exec.py sandbox component
- Server Script feature exposed via /app/server-script
Discovery Timeline
- 2026-05-05 - CVE-2023-54345 published to NVD
- 2026-05-05 - Last updated in NVD database
Technical Details for CVE-2023-54345
Vulnerability Analysis
Frappe Framework ships a Server Script feature that lets administrators execute Python inside a RestrictedPython sandbox. The sandbox is configured in frappe/utils/safe_exec.py and removes dangerous built-ins from the execution globals. However, generator and coroutine objects created within the sandbox expose the gi_frame attribute, which references the Python frame object used at runtime.
From the frame object, an attacker walks f_back references to reach an outer frame whose globals include unrestricted modules. Once an outer frame is reached, the attacker reads f_globals to access os or subprocess, then invokes os.popen to run shell commands. The result is arbitrary code execution under the privileges of the Frappe worker process.
Root Cause
The root cause is incomplete attribute filtering in the RestrictedPython configuration. The _getattr_ policy does not block frame-related attributes such as gi_frame, cr_frame, f_back, and f_globals. This allows sandboxed code to introspect the Python interpreter state and pivot from a restricted scope to an unrestricted one. The flaw maps to CWE-94, improper control of code generation in a sandboxed interpreter.
Attack Vector
Exploitation requires an authenticated account holding the System Manager role. The attacker submits a crafted Python payload to the /app/server-script endpoint, which stores and executes the script through the sandbox. The script defines a generator function, retrieves its frame via gi_frame, traverses f_back.f_back.f_globals to reach os, and calls os.popen("<command>").read(). The command runs on the ERPNext server with the permissions of the application service account.
A proof-of-concept payload and detailed write-up are available in the GitHub gist by lebr0nli, the UIUCTF Rattler write-up, Exploit-DB entry 51580, and the VulnCheck advisory.
Detection Methods for CVE-2023-54345
Indicators of Compromise
- New or modified Server Script documents created via /app/server-script referencing gi_frame, cr_frame, f_back, or f_globals.
- Frappe worker processes spawning shell interpreters such as sh, bash, or cmd.exe as direct child processes.
- Outbound connections from the ERPNext host to attacker-controlled domains shortly after Server Script execution.
- Unexpected files written to the Frappe sites/ directory or /tmp by the application user.
Detection Strategies
- Monitor HTTP requests to /app/server-script and /api/method/frappe.client.insert that submit Server Script payloads, and inspect bodies for frame-introspection keywords.
- Audit the tabServer Script table in the Frappe database for recently created or edited scripts containing gi_frame or __builtins__.
- Use process telemetry to identify Python interpreters running Frappe code that fork shells or call os.popen equivalents.
Monitoring Recommendations
- Centralize Frappe and web server logs and alert on Server Script create or update events outside change windows.
- Track all accounts assigned the System Manager role and review role assignments at least weekly.
- Baseline normal child processes of frappe, gunicorn, and python services so deviations trigger investigation.
How to Mitigate CVE-2023-54345
Immediate Actions Required
- Upgrade Frappe Framework and ERPNext to a version released after 13.4.0 that hardens the RestrictedPython attribute policy.
- Restrict the System Manager role to a minimal set of trusted administrators and enforce multi-factor authentication on those accounts.
- Disable the Server Script feature in environments where it is not actively required.
- Review the tabServer Script table for unauthorized entries and remove any scripts that reference frame attributes.
Patch Information
No specific vendor advisory URL is listed in the NVD entry. Refer to the Frappe GitHub repository for current releases and to the VulnCheck advisory for remediation guidance. Operators should move off the 13.4.0 branch and apply the latest stable patch level for their major version.
Workarounds
- Set server_script_enabled to false in the Frappe site configuration to block Server Script execution.
- Place the ERPNext administration interface behind a VPN or IP allowlist to limit reachability of /app/server-script.
- Run the Frappe worker under a dedicated low-privilege user with no shell and restrict filesystem and network egress with AppArmor or SELinux.
# Configuration example: disable server scripts in site_config.json
{
"server_script_enabled": false,
"developer_mode": 0,
"allow_tests": 0
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
