Hello Everyone,
With Frappe v10.1.38, we have released the fixes to prevent SQL Injection via Fields and Filters parameters.
Please Pull the latest updates to enhance the security of your systems.
If you come across any vulnerability, please report them at report@erpnext.com