CVE-2022-26661 – tryton

Package

Manager: pip
Name: tryton
Vulnerable Version: =5.0.0 || =5.0.1 || =5.0.10 || =5.0.11 || =5.0.2 || =5.0.3 || =5.0.4 || =5.0.5 || =5.0.6 || =5.0.7 || =5.0.8 || =5.0.9 || =6.0.0 || =6.0.1 || =6.0.2 || =6.0.3 || =6.0.4 || =6.2.0 || =6.2.1 || >=5.0.0 <5.0.12

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00474 pctl0.63827

Details

An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.

Metadata

Created: 2022-03-10T17:47:00Z
Modified: 2024-11-21T14:56:53.988996Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F083
Auto approve: 1