—

PYSEC-2013-28

상세

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / tryton

최초 영향 버전: 0 수정 버전: 3.0.1

수정 pip install --upgrade 'tryton>=3.0.1'

참고

http://hg.tryton.org/tryton/rev/357d0a4d9cb8 [WEB]
http://www.tryton.org/posts/security-release-for-issue3446.html [WEB]
http://www.debian.org/security/2013/dsa-2791 [ADVISORY]
http://www.openwall.com/lists/oss-security/2013/11/04/21 [WEB]
https://bugs.tryton.org/issue3446 [WEB]