Lucene search
Veracode Vulnerability DatabaseVERACODE:6120HistoryApr 16, 2018 - 3:57 a.m.
Arbitrary Code Execution
2018-04-1603:57:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
EPSS
0.003
Percentile
71.3%
trytond is vulnerable to arbitrary code execution. Since it uses safe_eval() function, it allows the attacker to inject malicious code via the shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module.
References
www.tryton.org/posts/security-release-for-issue4155.html
bugs.tryton.org/issue4155
github.com/tryton/trytond/blob/a0cd4f281306c273eb9a942e2c4b8893b8ad1fff/CHANGELOG#L226
github.com/tryton/trytond/commit/b427d212248af602baf9688f91c15df0da6bf30e#diff-b999b235097cd1509f52ee417c23fdfcL217
github.com/tryton/trytond/compare/0e2db001b66b10b32874d9c27d5e0da6c6980d24...19fc2a01357b7638041953326e404f51d96fad06
Related
nessus
nessus
Debian DLA-70-1 : tryton-server security update
2015-03-26 00:00:00
Debian DSA-3043-1 : tryton-server - security update
2020-03-09 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3043-1)
2023-03-08 00:00:00
Debian: Security Advisory (DLA-70-1)
2023-03-08 00:00:00
prion
prion
Code injection
2018-04-12 15:29:00
github
github
Tryton vulnerable to arbitrary command execution
2022-05-14 03:21:41
osv
osv
PYSEC-2018-59
2018-04-12 15:29:00
tryton-server - security update
2014-10-04 00:00:00
tryton-server - security update
2014-10-05 00:00:00
ubuntucve
ubuntucve
CVE-2014-6633
2018-04-12 00:00:00
cvelist
cvelist
CVE-2014-6633
2018-04-12 15:00:00
debiancve
debiancve
CVE-2014-6633
2018-04-12 15:29:00
debian
debian
[SECURITY] [DLA 70-1] tryton-server security update
2014-10-05 18:33:43
cve
cve
CVE-2014-6633
2018-04-12 15:29:00
nvd
nvd
CVE-2014-6633
2018-04-12 15:29:00