model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| trytond(PyPI) | 3.2.0 | 3.2.10 | N/A |
| trytond(PyPI) | 3.4.0 | 3.4.8 | N/A |
| trytond(PyPI) | 3.6.0 | 3.6.5 | N/A |
| trytond(PyPI) | 3.8.0 | 3.8.1 | N/A |
CVSS Metrics
