Candidate: CVE-2022-26662
PublicDate: 2022-03-10 17:47:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26662
 https://bugs.tryton.org/issue11244
 https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
Description:
 An XML Entity Expansion (XEE) issue was discovered in Tryton Application
 Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and
 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client
 (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x
 through 6.2.1. An unauthenticated user can send a crafted XML-RPC message
 to consume all the resources of the server.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_tryton-proteus:
upstream_tryton-proteus: needs-triage
trusty_tryton-proteus: ignored (out of standard support)
xenial_tryton-proteus: ignored (out of standard support)
bionic_tryton-proteus: needs-triage
focal_tryton-proteus: needs-triage
impish_tryton-proteus: needs-triage
jammy_tryton-proteus: needs-triage
devel_tryton-proteus: needs-triage

Patches_tryton-server:
upstream_tryton-server: needs-triage
trusty_tryton-server: ignored (out of standard support)
xenial_tryton-server: ignored (out of standard support)
bionic_tryton-server: needs-triage
focal_tryton-server: needs-triage
impish_tryton-server: needs-triage
jammy_tryton-server: needs-triage
devel_tryton-server: needs-triage