HIGH 7.5
PYSEC-2026-1054
Tryton Directory Traversal vulnerability
Details
Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / trytond
No fixed version published yet for trytond (pip). Pin to a known-safe version or switch to an alternative.
References
- https://nvd.nist.gov/vuln/detail/CVE-2013-4510 [ADVISORY]
- https://bugs.tryton.org/issue3446 [WEB]
- https://github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2013-28.yaml [WEB]
- http://hg.tryton.org/tryton/rev/357d0a4d9cb8 [WEB]
- http://www.debian.org/security/2013/dsa-2791 [WEB]
- http://www.openwall.com/lists/oss-security/2013/11/04/21 [WEB]
- http://www.tryton.org/posts/security-release-for-issue3446.html [WEB]
- https://pypi.org/project/trytond [PACKAGE]
- https://github.com/advisories/GHSA-qjmc-wwmw-cq9r [ADVISORY]