trytond
PyPI11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting trytondpage 1 of 1
- CVE-2012-0215NONECVSS 0.0✓ Fixed in 2.2.42012-07-12
vulnerable: 1.0.0 ... 2.2.3 (76 versions)
model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of…
- CVE-2012-2238HIGHCVSS 7.5EG 7.5✓ Fixed in 2.4.22019-11-21
vulnerable: 2.4.0, 2.4.1
trytond 2.4: ModelView.button fails to validate authorization
- CVE-2013-4510NONECVSS 0.02013-11-18
vulnerable: 3.0.0
Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report.
- CVE-2014-6633HIGHCVSS 8.8✓ Fixed in 3.0.72018-04-12
vulnerable: 2.4.0 ... 3.2.2 (50 versions)
The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1)…
- CVE-2015-0861MEDIUMCVSS 4.3EG 4.3✓ Fixed in 3.8.12016-04-13
vulnerable: 3.2.0 ... 3.8.0 (24 versions)
model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of r…
- CVE-2016-1241MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.0.42016-09-07
vulnerable: 1.0.0 ... 4.0.3 (213 versions)
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
- CVE-2016-1242MEDIUMCVSS 4.4EG 4.4✓ Fixed in 4.0.42016-09-07
vulnerable: 1.0.0 ... 4.0.3 (213 versions)
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified …
- CVE-2017-0360MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.2.32017-04-04
vulnerable: 3.0.0 ... 4.2.2 (119 versions)
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix …
- CVE-2019-10868MEDIUMCVSS 6.5EG 6.5✓ Fixed in 5.0.62019-04-05
vulnerable: 4.2.0 ... 5.0.5 (70 versions)
In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This ma…
- CVE-2022-26661MEDIUMCVSS 6.5EG 6.5✓ Fixed in 6.2.62022-03-10
vulnerable: 6.2.0 ... 6.2.5 (6 versions)
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through …
- CVE-2022-26662HIGHCVSS 7.5EG 7.5✓ Fixed in 6.2.62022-03-10
vulnerable: 6.2.0 ... 6.2.5 (6 versions)
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x throu…
Check whether trytond is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for trytond CVEs against the assets you own.
Start Free Scan →