VDB
KO
MEDIUM 6.5

GHSA-2w93-qwpp-vgvj

trytond does not enforce access rights for data export

Details

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / trytond
Introduced in: 7.5.0 Fixed in: 7.6.11
Fix pip install --upgrade 'trytond>=7.6.11'
PyPI / trytond
Introduced in: 7.1.0 Fixed in: 7.4.21
Fix pip install --upgrade 'trytond>=7.4.21'
PyPI / trytond
Introduced in: 7.0.0 Fixed in: 7.0.40
Fix pip install --upgrade 'trytond>=7.0.40'
PyPI / trytond
Introduced in: 6.0.0 Fixed in: 6.0.70
Fix pip install --upgrade 'trytond>=6.0.70'

References