CyberSec.Space Logo
CVEブラウザに戻る

CVE-2014-6633

HIGH
8.8
CVSS Severity Score
EPSS Score0.1560%
EPSS Percentile5.86th
Published2018年4月12日
Last Modified2024年11月21日

Vulnerability Description

The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module.

Affected Platforms (CPE)

📦
Tryton

Tryton

>= 2.4.0 and < 2.4.15
📦
Tryton

Tryton

>= 2.6.0 and < 2.6.14
📦
Tryton

Tryton

>= 2.8.0 and < 2.8.11
📦
Tryton

Tryton

>= 3.0.0 and < 3.0.7
📦
Tryton

Tryton

>= 3.2.0 and < 3.2.3

References & Advisories

🔗 http://www.tryton.org/posts/security-release-for-issue4155.html
🔗 https://bugs.tryton.org/issue4155
🔗 http://www.tryton.org/posts/security-release-for-issue4155.html
🔗 https://bugs.tryton.org/issue4155

関連する脆弱性情報

CVE-2013-45107.8

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers...

CVE-2019-108686.5

In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 bef...

CVE-2020-370146.4

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to...

CVE-2018-194435.9

The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circum...