GHSA-m9jj-5qvj-5fhx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m9jj-5qvj-5fhx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m9jj-5qvj-5fhx/GHSA-m9jj-5qvj-5fhx.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-m9jj-5qvj-5fhx
- Aliases
- Published
- 2022-05-14T03:21:41Z
- Modified
- 2024-11-18T23:00:57.620075Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Tryton vulnerable to arbitrary command execution
- Details
-
The
safe_evalfunction in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) thecollection.domainin the webdav module or (2) the formula field in theprice_listmodule. - Database specific
{ "nvd_published_at": "2018-04-12T15:29:00Z", "cwe_ids": [ "CWE-77" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-04-29T11:11:05Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-6633
- https://github.com/tryton/trytond/commit/19fc2a01357b7638041953326e404f51d96fad06
- https://github.com/tryton/trytond/commit/3e4c2b7e8c7b3358597a0d484fa98f45483ee92a
- https://bugs.tryton.org/issue4155
- https://github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2018-59.yaml
- https://github.com/tryton/trytond
- http://www.tryton.org/posts/security-release-for-issue4155.html
Affected packages
PyPI / tryton
Package
- Name
- tryton
- View open source insights on deps.dev
- Purl
- pkg:pypi/tryton
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.15
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.4.10
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.8.9
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.2.12
2.2.13
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
2.4.10
2.4.11
2.4.12
2.4.13
2.4.14
PyPI / tryton
Package
- Name
- tryton
- View open source insights on deps.dev
- Purl
- pkg:pypi/tryton
PyPI / tryton
Package
- Name
- tryton
- View open source insights on deps.dev
- Purl
- pkg:pypi/tryton
PyPI / tryton
Package
- Name
- tryton
- View open source insights on deps.dev
- Purl
- pkg:pypi/tryton
PyPI / trytond
Package
- Name
- trytond
- View open source insights on deps.dev
- Purl
- pkg:pypi/trytond
PyPI / trytond
Package
- Name
- trytond
- View open source insights on deps.dev
- Purl
- pkg:pypi/trytond
PyPI / trytond
Package
- Name
- trytond
- View open source insights on deps.dev
- Purl
- pkg:pypi/trytond
PyPI / trytond
Package
- Name
- trytond
- View open source insights on deps.dev
- Purl
- pkg:pypi/trytond
PyPI / trytond
Package
- Name
- trytond
- View open source insights on deps.dev
- Purl
- pkg:pypi/trytond