Vulnerability	Vulnerable Version
H Arbitrary Command Injection Affected versions of this package are vulnerable to Arbitrary Command Injection via the `safe_eval` function. It allows remote authenticated users to execute arbitrary commands via shell metacharacters in the `collection.domain` in the `webdav` module or the formula field in the `price_list` module. How to fix Arbitrary Command Injection? Upgrade `trytond` to version 2.4.15, 2.6.14, 2.8.11, 3.0.7, 3.2.3 or higher.	[,2.4.15)[2.6.0,2.6.14)[2.8.0,2.8.11)[3.0.0,3.0.7)[3.2.0,3.2.3)
M Directory Traversal `trytond` is a Tryton server. file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.	[,3.2.17)[3.4,3.4.14)[3.6,3.6.12)[3.8,3.8.8)[4,4.0.4)

Arbitrary Command Injection

Affected versions of this package are vulnerable to Arbitrary Command Injection via the safe_eval function. It allows remote authenticated users to execute arbitrary commands via shell metacharacters in the collection.domain in the webdav module or the formula field in the price_list module.

How to fix Arbitrary Command Injection?

Upgrade trytond to version 2.4.15, 2.6.14, 2.8.11, 3.0.7, 3.2.3 or higher.

[,2.4.15)[2.6.0,2.6.14)[2.8.0,2.8.11)[3.0.0,3.0.7)[3.2.0,3.2.3)

Directory Traversal

trytond is a Tryton server.

file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.

[,3.2.17)[3.4,3.4.14)[3.6,3.6.12)[3.8,3.8.8)[4,4.0.4)

Go back to all versions of this package