CVE-2022-26662

Sažetak

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.

Reference

https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
https://bugs.tryton.org/issue11244
https://lists.debian.org/debian-lts-announce/2022/03/msg00016.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00017.html
https://www.debian.org/security/2022/dsa-5098
https://www.debian.org/security/2022/dsa-5099

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

18-03-2022 - 15:07

Objavljeno

10-03-2022 - 17:47