CVE-2022-26662

More information about this CVE will likely be available in a few days.

Description

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.

Related CPE's

Could not find any relations

References

https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059

https://bugs.tryton.org/issue11244

[debian-lts-announce] 20220310 [SECURITY] [DLA 2945-1] tryton-server security update

[debian-lts-announce] 20220311 [SECURITY] [DLA 2946-1] tryton-proteus security update

DSA-5098

DSA-5099

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io