<p>Upgrade <code>tryton</code> to version 5.0.6, 4.8.10, 4.6.14, 4.4.19, 4.2.21 or higher.</p>

Information Exposure Affecting tryton package, versions [5.0.0,5.0.6) [4.8.0,4.8.10) [4.6.0,4.6.14) [4.4.0,4.4.19) [4.2.0,4.2.21)

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 0.35% (72^nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-TRYTON-174115
published 7 Apr 2019
disclosed 5 Apr 2019
credit Cedric Krier

Report a new vulnerability Found a mistake?

Introduced: 5 Apr 2019

CVE-2019-10868 Open this link in a new tab CWE-200 Open this link in a new tab

How to fix?

Upgrade tryton to version 5.0.6, 4.8.10, 4.6.14, 4.4.19, 4.2.21 or higher.

Overview

tryton is a business software.

Affected versions of this package are vulnerable to Information Exposure via the trytond/model/modelstorage.py path. An authenticated user could order records based on a field for which he had no access right. This may allow the user to guess these values.