HIGH 7.5
PYSEC-2022-43171
Details
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.
Affected packages
References
- https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059 [ADVISORY]
- https://bugs.tryton.org/issue11244 [ADVISORY]
- https://lists.debian.org/debian-lts-announce/2022/03/msg00016.html [WEB]
- https://lists.debian.org/debian-lts-announce/2022/03/msg00017.html [WEB]
- https://www.debian.org/security/2022/dsa-5098 [ADVISORY]
- https://www.debian.org/security/2022/dsa-5099 [ADVISORY]