VulnerableCode Package Details - pkg:pypi/trytond@4.6.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/trytond@4.6.2

Essentials
History (1)

purl	pkg:pypi/trytond@4.6.2

Next non-vulnerable version	4.6.14
Latest non-vulnerable version	5.0.6
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-kjnf-nmzs-c7b5 Aliases: CVE-2019-10868 GHSA-f6f2-pwrj-64h3 PYSEC-2019-127	In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values.	4.6.14 Affected by 0 other vulnerabilities. 4.8.10 Affected by 0 other vulnerabilities. 5.0.6 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-kjnf-nmzs-c7b5
Aliases:
CVE-2019-10868
GHSA-f6f2-pwrj-64h3
PYSEC-2019-127

In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values.

4.6.14
Affected by 0 other vulnerabilities.

4.8.10
Affected by 0 other vulnerabilities.

5.0.6
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:05:36.128200+00:00	Pypa Importer	Affected by	VCID-kjnf-nmzs-c7b5	https://github.com/pypa/advisory-database/blob/main/vulns/trytond/PYSEC-2019-127.yaml	38.6.0