Homepage

tryton@5.0.0 vulnerabilities

Tryton desktop client

  • latest version

    7.6.2

  • latest non vulnerable version

    7.6.2

  • first published

    14 years ago

  • latest version published

    1 months ago

  • licenses detected

  • View tryton package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the tryton package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Information Exposure

    tryton is a business software.

    Affected versions of this package are vulnerable to Information Exposure via the trytond/model/modelstorage.py path. An authenticated user could order records based on a field for which he had no access right. This may allow the user to guess these values.

    How to fix Information Exposure?

    Upgrade tryton to version 5.0.6, 4.8.10, 4.6.14, 4.4.19, 4.2.21 or higher.

    [5.0.0,5.0.6)[4.8.0,4.8.10)[4.6.0,4.6.14)[4.4.0,4.4.19)[4.2.0,4.2.21)
    • M
    Man-in-the-Middle (MitM)

    tryton is a three-tiers high-level general purpose application platform written in Python and use Postgresql as database engine.

    Affected versions of this package are vulnerable to Man in the middle attack. The client tried to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt failed, but it contained in the header the current session of the user. This session could then be stolen by a man-in-the-middle.

    How to fix Man-in-the-Middle (MitM)?

    Upgrade tryton to version 5.0.1 or higher.

    [5.0.0,5.0.1)
    Go back to all versions of this package