Security Release for issue4155
Published: 2014-09-30 10:00:00+00:00
A vulnerability in trytond has been found by duesenfranz that might allow a
malicious user to execute arbitrary commands on the server via the safe_eval
function (see issue4155).
Any authenticated user can run arbitrary commands on the server with the
permissions of the trytond user.
There is no workaround.
All users should upgrade trytond to the latest version of the series they use.
Any security concerns should be reported on the bug-tracker at
https://bugs.tryton.org/ with the type security.