PYSEC-2016-11

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/trytond/PYSEC-2016-11.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2016-11

Aliases

CVE-2015-0861
GHSA-c8q5-2j73-qvcc

Published

2016-04-13T15:59:00Z

Modified

2024-04-29T12:27:13.062124Z

Summary

[none]

Details

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.

References

http://www.debian.org/security/2015/dsa-3425
https://bugs.tryton.org/issue5167
http://www.tryton.org/posts/security-release-for-issue5167.html

Affected packages

PyPI / trytond

Package

Name: trytond; View open source insights on deps.dev
Purl: pkg:pypi/trytond

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.2.0

Fixed

3.2.10

Introduced

3.4.0

Fixed

3.4.8

Introduced

3.6.0

Fixed

3.6.5

Introduced

3.8.0

Fixed

3.8.1

Affected versions

3.*

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

3.8.0