PYSEC-2017-97
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/trytond/PYSEC-2017-97.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2017-97
- Aliases
- Published
- 2017-04-04T17:59:00Z
- Modified
- 2024-04-22T23:12:41.068447Z
- Summary
- [none]
- Details
-
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
- References
Affected packages
PyPI / trytond
Package
- Name
- trytond
- View open source insights on deps.dev
- Purl
- pkg:pypi/trytond
Affected versions
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.2.10
3.2.11
3.2.12
3.2.13
3.2.14
3.2.15
3.2.16
3.2.17
3.2.18
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9
3.4.10
3.4.11
3.4.12
3.4.13
3.4.14
3.4.15
3.4.16
3.4.17
3.4.18
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.6.7
3.6.8
3.6.9
3.6.10
3.6.11
3.6.12
3.6.13
3.6.14
3.6.15
3.6.16
3.6.17
3.6.18
3.6.19
3.8.0
3.8.1
3.8.2
3.8.3
3.8.4
3.8.5
3.8.6
3.8.7
3.8.8
3.8.9
3.8.10
3.8.11
3.8.12
3.8.13
3.8.14
3.8.15
3.8.16
3.8.17
3.8.18
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.0.11
4.0.12
4.0.13
4.0.14
4.0.15
4.0.16
4.0.17
4.0.18
4.0.19
4.0.20
4.2.0
4.2.1
4.2.2