CVE-2022-26661
- Source
- https://cve.org/CVERecord?id=CVE-2022-26661
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-26661.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-26661
- Aliases
- Downstream
- Published
- 2022-03-07T22:40:11Z
- Modified
- 2026-05-01T04:10:50.137083Z
- Summary
- [none]
- Details
-
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/26xxx/CVE-2022-26661.json", "cna_assigner": "mitre", "unresolved_ranges": [ { "extracted_events": [ { "introduced": "5.x" }, { "fixed": "5.0.45" }, { "introduced": "6.x" }, { "fixed": "6.0.15" }, { "introduced": "6.2.x" }, { "fixed": "6.2.5" }, { "introduced": "5.x" }, { "fixed": "5.0.11" }, { "introduced": "6.x" }, { "fixed": "6.0.4" }, { "introduced": "6.2.x" }, { "fixed": "6.2.1" } ], "source": "DESCRIPTION" } ] }- References
-
- https://bugs.tryton.org/issue11219
- https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/26xxx/CVE-2022-26661.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-26661
- https://www.debian.org/security/2022/dsa-5098
- https://www.debian.org/security/2022/dsa-5099
- https://lists.debian.org/debian-lts-announce/2022/03/msg00016.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00017.html
Affected packages
Git / github.com/tryton/trytond
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tryton/trytond
- Events
-
IntroducedFixedFixedIntroducedFixedFixedIntroducedFixedFixed
- Database specific
{ "cpe": [ "cpe:2.3:a:tryton:proteus:*:*:*:*:*:*:*:*", "cpe:2.3:a:tryton:trytond:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.12" }, { "fixed": "5.0.46" }, { "introduced": "6.0.0" }, { "fixed": "6.0.5" }, { "fixed": "6.0.16" }, { "introduced": "6.2.0" }, { "fixed": "6.2.2" }, { "fixed": "6.2.6" } ], "source": "CPE_FIELD" }
Affected versions
5.*
5.0.0
5.0.1
5.0.10
5.0.11
5.0.12
5.0.13
5.0.14
5.0.15
5.0.16
5.0.17
5.0.18
5.0.19
5.0.2
5.0.20
5.0.21
5.0.22
5.0.23
5.0.24
5.0.25
5.0.26
5.0.27
5.0.28
5.0.29
5.0.3
5.0.30
5.0.31
5.0.32
5.0.33
5.0.34
5.0.35
5.0.36
5.0.37
5.0.38
5.0.39
5.0.4
5.0.40
5.0.41
5.0.42
5.0.43
5.0.44
5.0.45
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
6.*
6.0.0
6.0.1
6.0.10
6.0.11
6.0.12
6.0.13
6.0.14
6.0.15
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5