Bugzilla – Bug 1197033
VUL-0: CVE-2022-26662: trytond: unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server
Last modified: 2022-05-02 10:11:29 UTC
An XML Entity Expansion (XEE) issue was discovered in Tryton Application
Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x
through 6.2.5, and Tryton Application Platform (Command Line Client (proteus))
5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An
unauthenticated user can send a crafted XML-RPC message to consume all the
resources of the server.
issue is fixed in
https://smash.suse.de/issue/325790/ is not a valid URL (page not found).
Please avoid SUSE-internal machines for openSUSE Bugs
Versions including security fix are already shipped -> closing
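
The entity expansion named in the CVE description depends on the XML-RPC body declaring entities in a DTD. As an added example (not Tryton's code and not the shipped fix), here is a Python pre-parse guard that refuses such bodies before unmarshalling. `safe_loads`, `EntitiesForbidden`, the size cap and the sample method name are assumptions made for this example.

```python
import xmlrpc.client
from xml.parsers import expat

MAX_BODY = 1 << 20  # assumed 1 MiB cap on a request body; tune per deployment


class EntitiesForbidden(ValueError):
    """The XML-RPC body carries a DOCTYPE or an entity declaration."""


def _reject_doctype(name, sysid, pubid, has_internal_subset):
    raise EntitiesForbidden("DOCTYPE declaration in XML-RPC body")


def _reject_entity(name, is_param, value, base, sysid, pubid, notation):
    raise EntitiesForbidden("entity declaration %r in XML-RPC body" % name)


def safe_loads(body, max_bytes=MAX_BODY):
    """Return (params, methodname) like xmlrpc.client.loads, or raise."""
    if len(body) > max_bytes:
        raise ValueError("XML-RPC body larger than %d bytes" % max_bytes)
    # Pass 1: walk the document with handlers that abort on any DTD content,
    # so no entity is ever defined and nothing can expand.
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _reject_doctype
    guard.EntityDeclHandler = _reject_entity
    guard.Parse(body, True)
    # Pass 2: the body is now known to be DTD-free; build the Python values.
    return xmlrpc.client.loads(body)


# Constructed samples: a normal call, and one declaring a single harmless entity.
BENIGN = xmlrpc.client.dumps((1, "a"), methodname="example.method").encode()
WITH_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE methodCall [<!ENTITY a "x">]>'
    b"<methodCall><methodName>example.method</methodName><params><param>"
    b"<value><string>&a;</string></value></param></params></methodCall>"
)

if __name__ == "__main__":
    print(safe_loads(BENIGN))
    try:
        safe_loads(WITH_ENTITY)
    except EntitiesForbidden as exc:
        print("rejected:", exc)
```

Legitimate XML-RPC traffic never needs a DOCTYPE, so rejecting it outright costs nothing in compatibility. The guard has to run before authentication, since the report states the request can come from an unauthenticated user.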