Security Release for issue #13142

Cédric Krier has found that trytond accepts compressed content from unauthenticated requests which makes it vulnerable to zip bomb attacks.

Impact

Workaround

A proxy can be deployed in front of the

Resolution

All affected users should upgrade

Affected versions per series:

Non affected versions per series:

Reference

Concerns?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the confidential checkbox checked.

[tryton-announces] Security Release for issue #13142
News - Tryton Discussion: ced Wed, 17 Apr 2024 09:32:16 -0700
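
The advisory above concerns compressed request bodies that inflate to far more than their transferred size. The following Python is an added example, not code from trytond or the Tryton project, showing one way a server can bound that cost by inflating incrementally under a hard output cap. The names `read_body`, `bounded_gunzip` and `BodyRejected`, the 1 MiB cap, and the policy of refusing compressed bodies from unauthenticated callers are assumptions of the example.

```python
import gzip
import zlib

MAX_INFLATED = 1024 * 1024  # assumed cap; size it to the largest legitimate request


class BodyRejected(ValueError):
    """Raised when a request body is refused before it is parsed."""


def bounded_gunzip(raw: bytes, limit: int = MAX_INFLATED) -> bytes:
    """Inflate a gzip body, stopping as soon as the output exceeds `limit`."""
    inflater = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # 16 + N selects gzip framing
    out = bytearray()
    data = raw
    while not inflater.eof:
        # Never ask zlib for more than one byte past the remaining budget,
        # so memory use stays bounded however small the input is.
        chunk = inflater.decompress(data, limit - len(out) + 1)
        out += chunk
        if len(out) > limit:
            raise BodyRejected(f"inflated body exceeds {limit} bytes")
        data = inflater.unconsumed_tail
        if not chunk and not data:
            raise BodyRejected("truncated gzip stream")
    return bytes(out)


def read_body(raw: bytes, content_encoding: str, authenticated: bool) -> bytes:
    """Hypothetical entry point: decide whether and how to inflate a request body."""
    if content_encoding.lower() != "gzip":
        return raw
    if not authenticated:
        # Policy assumed for this example: anonymous callers may not send compressed bodies.
        raise BodyRejected("compressed content refused for unauthenticated request")
    return bounded_gunzip(raw)


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zero bytes compresses to a few KiB.
    bomb = gzip.compress(b"\0" * (8 * 1024 * 1024))
    print(len(bomb), "bytes on the wire")
    for auth in (False, True):
        try:
            read_body(bomb, "gzip", auth)
        except BodyRejected as exc:
            print("authenticated" if auth else "anonymous", "->", exc)
```

A cap on the transferred size alone (for example a `Content-Length` limit) does not help here, because the constructed sample is only a few KiB before inflation.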