Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-26662

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.

Related bugs and status

CVE-2022-26662 (Candidate) is related to these bugs:

Bug #1971107: Versions in Focal and Jammy are vulnerable to CVE-2022-26661 and CVE-2022-26662

Summary				In	Importance	Status
	1971107	Versions in Focal and Jammy are vulnerable to CVE-2022-26661 and CVE-2022-26662		tryton-proteus (Ubuntu)	Undecided	In Progress
	1971107	Versions in Focal and Jammy are vulnerable to CVE-2022-26661 and CVE-2022-26662		tryton-server (Ubuntu)	Undecided	In Progress

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.tryton.or...
MISC: https://discuss.tryton...
MLIST: [debian-lts-announce] ...
MLIST: [debian-lts-announce] ...
DEBIAN: DSA-5098
DEBIAN: DSA-5099