Main Vulnerability Database SB2013111806

SB2013111806 - Path traversal in Python Tryton

Published: November 18, 2013 Updated: August 10, 2020

Security Bulletin ID SB2013111806

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: CVE-2013-4510)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the client in Tryton 3.0.0, as distributed before 20131104 and earlier,. A remote authenticated attacker can send a specially crafted HTTP request and remote servers to write arbitrary files via path separators in the extension of a report.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

http://hg.tryton.org/tryton/rev/357d0a4d9cb8
http://www.debian.org/security/2013/dsa-2791
http://www.openwall.com/lists/oss-security/2013/11/04/21
http://www.tryton.org/posts/security-release-for-issue3446.html
https://bugs.tryton.org/issue3446