PYSEC-2019-127
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/trytond/PYSEC-2019-127.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2019-127
- Aliases
- Published
- 2019-04-05T01:29:00Z
- Modified
- 2023-11-08T04:00:58.397634Z
- Summary
- [none]
- Details
-
In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values.
- References
Affected packages
PyPI / trytond
Package
- Name
- trytond
- View open source insights on deps.dev
- Purl
- pkg:pypi/trytond
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.2.0Fixed4.2.21Introduced4.4.0Fixed4.4.19Introduced4.6.0Fixed4.6.14Introduced4.8.0Fixed4.8.10Introduced5.0.0Fixed5.0.6
Affected versions
4.*
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.2.10
4.2.11
4.2.12
4.2.13
4.2.14
4.2.15
4.2.16
4.2.17
4.2.18
4.2.19
4.2.20
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.4.9
4.4.10
4.4.11
4.4.12
4.4.13
4.4.14
4.4.15
4.4.16
4.4.17
4.4.18
4.6.0
4.6.1
4.6.2
4.6.3
4.6.4
4.6.5
4.6.6
4.6.7
4.6.8
4.6.9
4.6.10
4.6.11
4.6.12
4.6.13
4.8.0
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.8.6
4.8.7
4.8.8
4.8.9
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5