CVE-2013-4510
HIGH 7.5 | EPSS 0.75% | tryton-client - missing input sanitization
Published: 5/17/2022 | Modified: 4/28/2026
Description
Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report.
Affected packages (4)
- Debian/tryton-client: from 0, < 2.8.4-1
- Debian/tryton-client: from 0, < 1.6.1-1+deb6u1
- PyPI/tryton: from 0, < 3.0.1
- PyPI/trytond
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
References (8)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2013-4510
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2013-4510
- WEB: http://hg.tryton.org/tryton/rev/357d0a4d9cb8
- WEB: https://bugs.tryton.org/issue3446
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2013-28.yaml
- WEB: http://www.debian.org/security/2013/dsa-2791
- WEB: http://www.openwall.com/lists/oss-security/2013/11/04/21
- WEB: http://www.tryton.org/posts/security-release-for-issue3446.html