{"id":"CVE-2016-1242","details":"file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.","aliases":["GHSA-jpr7-8rxm-4vgx","PYSEC-2016-13","PYSEC-2016-41"],"modified":"2026-03-14T09:18:33.643988Z","published":"2016-09-07T19:28:01.677Z","references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3656"},{"type":"ADVISORY","url":"http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"},{"type":"REPORT","url":"https://bugs.tryton.org/issue5808"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.16"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.5"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.7"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.4"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.5"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.6"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.7"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.8"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.9"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.10"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.11"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.12"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.13"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.4"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.5"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.7"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.8"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.9"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.10"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.11"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1242.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}]}