An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.
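A defensive sketch for this class of issue, added here and not taken from Tryton's code or its fix: it refuses any XML-RPC body that carries a DOCTYPE or entity declaration before handing it to Python's `xmlrpc.client`. The names `safe_loads`, `is_allowed`, `ForbiddenXML`, the `MAX_BODY` limit and both sample messages are assumptions constructed for illustration.

```python
import xmlrpc.client
from xml.parsers import expat

MAX_BODY = 1_000_000  # assumed request size cap, not a Tryton setting


class ForbiddenXML(ValueError):
    """XML-RPC body contains a DTD or entity declaration."""


def _reject(kind):
    def handler(*_args):
        raise ForbiddenXML(f"{kind} not allowed in XML-RPC request")
    return handler


def safe_loads(body: bytes):
    """Return (params, methodname), refusing DTDs before any expansion."""
    if len(body) > MAX_BODY:
        raise ForbiddenXML("request body too large")
    scan = expat.ParserCreate()
    # XML-RPC never needs a DTD, so the first declaration aborts the parse.
    scan.StartDoctypeDeclHandler = _reject("DOCTYPE")
    scan.EntityDeclHandler = _reject("entity declaration")
    scan.Parse(body, True)  # malformed XML raises expat.ExpatError
    return xmlrpc.client.loads(body)


def is_allowed(body: bytes) -> bool:
    """True if the body parses as XML-RPC without any DTD content."""
    try:
        safe_loads(body)
        return True
    except (ForbiddenXML, expat.ExpatError):
        return False


# Constructed samples: a normal call, and one declaring a single entity.
BENIGN = xmlrpc.client.dumps((1, "a"), "example.ping").encode()
HOSTILE = (
    b'<?xml version="1.0"?><!DOCTYPE x [<!ENTITY a "aa">]>'
    b"<methodCall><methodName>example.ping</methodName><params><param>"
    b"<value><string>&a;</string></value></param></params></methodCall>"
)

if __name__ == "__main__":
    print(is_allowed(BENIGN), is_allowed(HOSTILE))
```

Because the pre-scan raises on the declaration itself, the entity reference in the body is never resolved, so the cost of rejecting a request stays proportional to its size.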
bugs.tryton.org/issue11244
discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
hg.tryton.org/trytond
lists.debian.org/debian-lts-announce/2022/03/msg00016.html
lists.debian.org/debian-lts-announce/2022/03/msg00017.html
nvd.nist.gov/vuln/detail/CVE-2022-26662
www.debian.org/security/2022/dsa-5098
www.debian.org/security/2022/dsa-5099