trytond is vulnerable to arbitrary code execution. Since it uses safe_eval()
function, it allows the attacker to inject malicious code via the shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module.
www.tryton.org/posts/security-release-for-issue4155.html
bugs.tryton.org/issue4155
github.com/tryton/trytond/blob/a0cd4f281306c273eb9a942e2c4b8893b8ad1fff/CHANGELOG#L226
github.com/tryton/trytond/commit/b427d212248af602baf9688f91c15df0da6bf30e#diff-b999b235097cd1509f52ee417c23fdfcL217
github.com/tryton/trytond/compare/0e2db001b66b10b32874d9c27d5e0da6c6980d24...19fc2a01357b7638041953326e404f51d96fad06