CVE-2022-26662

Name of the Vulnerable Software and Affected Versions Tryton Application Platform (Server) versions 5.x through 5.0.45 Tryton Application Platform (Server) versions 6.x through 6.0.15 Tryton Application Platform (Server) versions 6.1.x through 6.2.5 Tryton Application Platform (Command Line Client (proteus)) versions 5.x through 5.0.11 Tryton Application Platform (Command Line Client (proteus)) versions 6.x through 6.0.4 Tryton Application Platform (Command Line Client (proteus)) versions 6.1.x through 6.2.1

Description An XML Entity Expansion (XEE) issue allows an unauthenticated user to send a crafted XML-RPC message to consume all the resources of the server.

Recommendations For Tryton Application Platform (Server) versions 5.x through 5.0.45, update to a version later than 5.0.45. For Tryton Application Platform (Server) versions 6.x through 6.0.15, update to a version later than 6.0.15. For Tryton Application Platform (Server) versions 6.1.x through 6.2.5, update to a version later than 6.2.5. For Tryton Application Platform (Command Line Client (proteus)) versions 5.x through 5.0.11, update to a version later than 5.0.11. For Tryton Application Platform (Command Line Client (proteus)) versions 6.x through 6.0.4, update to a version later than 6.0.4. For Tryton Application Platform (Command Line Client (proteus)) versions 6.1.x through 6.2.1, update to a version later than 6.2.1.