VulnerableCode Package Details - pkg:pypi/trytond@4.2.16

Search for packages

Vulnerability	Summary	Fixed by
VCID-4cd2-1652-yugc Aliases: PYSEC-2019-57	In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values.	4.2.21 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 4.4.19 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 4.6.14 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 4.8.10 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.0.6 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bt9e-28y7-efh3 Aliases: CVE-2025-66422 GHSA-jqfc-9q34-prhg	trytond allows remote attackers to obtain sensitive trace-back (server setup) information Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.	6.0.70 Affected by 0 other vulnerabilities. 7.0.40 Affected by 0 other vulnerabilities. 7.4.21 Affected by 0 other vulnerabilities. 7.6.11 Affected by 0 other vulnerabilities.
VCID-ssd6-u3k1-kyh5 Aliases: CVE-2019-10868 GHSA-f6f2-pwrj-64h3 PYSEC-2019-127	In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values.	4.2.21 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 4.4.19 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 4.6.14 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 4.8.10 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.0.6 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-4cd2-1652-yugc
Aliases:
PYSEC-2019-57

In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values.

4.2.21
Affected by 1 other vulnerability.

4.4.19
Affected by 1 other vulnerability.

4.6.14
Affected by 1 other vulnerability.

4.8.10
Affected by 1 other vulnerability.

5.0.6
Affected by 3 other vulnerabilities.

VCID-bt9e-28y7-efh3
Aliases:
CVE-2025-66422
GHSA-jqfc-9q34-prhg

trytond allows remote attackers to obtain sensitive trace-back (server setup) information Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

6.0.70
Affected by 0 other vulnerabilities.

7.0.40
Affected by 0 other vulnerabilities.

7.4.21
Affected by 0 other vulnerabilities.

7.6.11
Affected by 0 other vulnerabilities.

VCID-ssd6-u3k1-kyh5
Aliases:
CVE-2019-10868
GHSA-f6f2-pwrj-64h3
PYSEC-2019-127