CVE-2022-26662

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-26662
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-26662.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-26662
Aliases
Related
Published
2022-03-10T17:47:52Z
Modified
2024-11-21T14:57:07.796966Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.

References

Affected packages

Debian:11 / tryton-proteus

Package

Name
tryton-proteus
Purl
pkg:deb/debian/tryton-proteus?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.8-1+deb11u1

Affected versions

5.*

5.0.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tryton-proteus

Package

Name
tryton-proteus
Purl
pkg:deb/debian/tryton-proteus?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tryton-proteus

Package

Name
tryton-proteus
Purl
pkg:deb/debian/tryton-proteus?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / tryton-server

Package

Name
tryton-server
Purl
pkg:deb/debian/tryton-server?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.33-2+deb11u1

Affected versions

5.*

5.0.33-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tryton-server

Package

Name
tryton-server
Purl
pkg:deb/debian/tryton-server?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.16-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tryton-server

Package

Name
tryton-server
Purl
pkg:deb/debian/tryton-server?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.16-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/tryton/trytond

Affected ranges

Type
GIT
Repo
https://github.com/tryton/trytond
Events

Affected versions

5.*

5.0.0
5.0.1
5.0.10
5.0.11
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9