An XML Entity Expansion (XEE) issue exists in Tryton Application Platform (Server) 5.x up to and including 5.0.45, 6.x up to and including 6.0.15, and 6.1.x and 6.2.x up to and including 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x up to and including 5.0.11, 6.x up to and including 6.0.4, and 6.1.x and 6.2.x up to and including 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tryton proteus |
||
tryton trytond |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |