Duesenfranz

**Name of the Vulnerable Software and Affected Versions** Tryton versions prior to 2.4.15 Tryton versions 2.6.x prior to 2.6.14 Tryton versions 2.8.x prior to 2.8.11 Tryton versions 3.0.x prior to 3.0.7 Tryton versions 3.2.x prior to 3.2.3 **Description** The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the `collection.domain` in the webdav module or (2) the `formula` field in the `price list` module. **Recommendations** For versions prior to 2.4.15, update to version 2.4.15 or later. For versions 2.6.x prior to 2.6.14, update to version 2.6.14 or later. For versions 2.8.x prior to 2.8.11, update to version 2.8.11 or later. For versions 3.0.x prior to 3.0.7, update to version 3.0.7 or later. For versions 3.2.x prior to 3.2.3, update to version 3.2.3 or later.