Description
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.
Related CPEs
part  vendor  product
a     tryton  proteus
a     tryton  trytond
o     debian  debian_linux
References
https://bugs.tryton.org/issue11244
https://lists.debian.org/debian-lts-announce/2022/03/msg00016.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00017.html
https://www.debian.org/security/2022/dsa-5098
https://www.debian.org/security/2022/dsa-5099
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 · High
Information
Source identifier
Vulnerability status: Modified
Published: 2022-03-10T16:47:52.560Z
Last modified: 2024-11-21T05:54:17.103Z