CVE-2014-6633
CVE-2014-6633 is a vulnerability of currently unknown severity. The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module. EPSS estimates a 2.60% chance of exploitation in the next 30 days.
Description
The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tryton | Tryton | >= 2.4.0, < 2.4.15 |
| Tryton | Tryton | >= 2.6.0, < 2.6.14 |
| Tryton | Tryton | >= 2.8.0, < 2.8.11 |
| Tryton | Tryton | >= 3.0.0, < 3.0.7 |
| Tryton | Tryton | >= 3.2.0, < 3.2.3 |
References
- https://bugs.tryton.org/issue4155 (Issue Tracking)
Source: NVD / NIST
