CVE-2022-26662 – tryton
Package
Manager: pip
Name: tryton
Vulnerable Version: =5.0.0 || =5.0.1 || =5.0.10 || =5.0.11 || =5.0.2 || =5.0.3 || =5.0.4 || =5.0.5 || =5.0.6 || =5.0.7 || =5.0.8 || =5.0.9 || =6.0.0 || =6.0.1 || =6.0.2 || =6.0.3 || =6.0.4 || =6.2.0 || =6.2.1 || >=5.0.0 <5.0.12
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.04112 (percentile: 0.88162)
Details
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.
Metadata
Created: 2022-03-10T17:47:00Z
Modified: 2024-11-21T14:57:07.796966Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F083
Auto approve: 1