Following the recommendations I’m planning to use uwsgi (latest version) to deploy tryton
I’ve done until now:
pip3 install uwsgi
master = True # start in master mode
http = :8000 # bind to port 8000
processes = 1 # run 4 worker processes
file = wsgi.py
env = TRYTOND_CONFIG=/home/user/trytond.conf
socket = tryton.sock
plugin = python3
vaccuum = true
die-on-terms = true
chmod-socket = 660
from trytond.application import app
application = app
when I run uwsgi tryton.ini everything seems to be ok,
The problem is when I run a vulnerability scanner shows me directory traversal problem,
I think the version 220.127.116.11 does not have that vulnerability according to my research (https://snyk.io/vuln/pip:uwsgi) , has someone faced the same issue? am I doing something wrong on the configuration? Maybe a missing tag on uswgi?
Any clue will be appreciated.
I tried also with gunicorn 20.0.4 and shows same:
- ///etc/passwd: The server install allows reading of any system file by adding an extra ‘/’ to the URL.
Is it possible to be related to sao? Did I installed in wrong way? I’m a little lost now. Here is the scan if someone wants to check: https://pastebin.com/cDjdEvCq