CVE-2022-26662

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.
Configurations

Configuration 1

cpe:2.3:a:tryton:proteus:*:*:*:*:*:*:*:*
cpe:2.3:a:tryton:proteus:*:*:*:*:*:*:*:*
cpe:2.3:a:tryton:proteus:*:*:*:*:*:*:*:*
cpe:2.3:a:tryton:trytond:*:*:*:*:*:*:*:*
cpe:2.3:a:tryton:trytond:*:*:*:*:*:*:*:*
cpe:2.3:a:tryton:trytond:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Information

Published : 2022-03-10 05:47

Updated : 2022-03-18 03:07


NVD link : CVE-2022-26662

Mitre link : CVE-2022-26662

Products Affected
No products.
CWE
CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')