Product
Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability allowing authenticated users with System Manager role to execute arbitrary code via frame introspection and `os.popen`.