CVE-2022-26661

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-26661
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-26661.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-26661
Aliases
Downstream
Published
2022-03-10T17:47:52Z
Modified
2025-09-19T13:48:55.097572Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.

References

Affected packages

Git / github.com/tryton/trytond

Affected ranges

Type
GIT
Repo
https://github.com/tryton/trytond
Events

Affected versions

5.*

5.0.0
5.0.1
5.0.10
5.0.11
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9