The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module.
References
Link | Resource |
---|---|
http://www.tryton.org/posts/security-release-for-issue4155.html | Vendor Advisory |
https://bugs.tryton.org/issue4155 | Issue Tracking |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-04-12T15:00:00
Updated: 2018-04-12T14:57:01
Reserved: 2014-09-19T00:00:00
Link: CVE-2014-6633
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-04-12T15:29:00.287
Modified: 2018-05-22T17:45:18.147
Link: CVE-2014-6633
JSON object: View
Redhat Information
No data.
CWE