Tryton security update-CVE-2022-26662
NAME
Tryton – Multiple
- Platforms Affected: Multiple
- Risk Level: low
- CVE Type: XML entity expansion
DESCRIPTION
CVE-2022-26662 is an XML entity expansion vulnerability impacting multiple versions of Tryton Proteus and Trytond. A proof of concept (PoC) was observed in open source and subsequently shared in the underground.
CVSS Information:
- CVSS 2.0 SCORE: 5
- CVSS 3.0 SCORE: 7.5
- Exploit Disclosed in the Public: true
- Exploit Weaponised:
- PoC Link: hXXps://bugs[.]tryton[.]org/issue11244
MITIGATION
Tryton addressed the vulnerability in a security advisory with updated versions.
- Reference Link: https://bugs.tryton.org/issue11244
- Patch Available: available