An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.
References
Link | Resource |
---|---|
https://bugs.tryton.org/issue11244 | Patch Vendor Advisory |
https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059 | Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00016.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00017.html | Mailing List Third Party Advisory |
https://www.debian.org/security/2022/dsa-5098 | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5099 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
18 Mar 2022, 15:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:tryton:trytond:*:*:*:*:*:*:*:* cpe:2.3:a:tryton:proteus:*:*:*:*:*:*:*:* |
|
First Time |
Tryton proteus
Debian debian Linux Debian Tryton Tryton trytond |
|
References | (MISC) https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059 - Vendor Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5099 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00017.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00016.html - Mailing List, Third Party Advisory | |
References | (MISC) https://bugs.tryton.org/issue11244 - Patch, Vendor Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5098 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-776 |
11 Mar 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Mar 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Mar 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Mar 2022, 17:53
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-10 17:47
Updated : 2023-12-10 14:22
NVD link : CVE-2022-26662
Mitre link : CVE-2022-26662
CVE.ORG link : CVE-2022-26662
JSON object : View
Products Affected
tryton
- trytond
- proteus
debian
- debian_linux
CWE
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')