{"id":"CVE-2017-0360","details":"file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.","aliases":["GHSA-7cwg-2575-3546","PYSEC-2017-97"],"modified":"2026-03-14T01:38:42.201722Z","published":"2017-04-04T17:59:00.240Z","references":[{"type":"WEB","url":"http://hg.tryton.org/trytond?cmd=changeset%3Bnode=472510fdc6f8"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3826"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97489"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-security-announce/2017/msg00084.html"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0360.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.5"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.8"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.9"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.10"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.11"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.12"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.13"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.14"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.15"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.16"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.17"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.4"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.5"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.6"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.7"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.8"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.9"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.10"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.11"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.12"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.13"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.14"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.15"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.16"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.17"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.4"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.5"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.6"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.7"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.8"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.9"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.10"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.11"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.12"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.13"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.14"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.15"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.16"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4.17"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.4"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.5"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.7"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.8"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.9"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.10"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.11"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.12"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.13"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.14"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.15"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6.16"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.5"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.7"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.8"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.9"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.10"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.11"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.12"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.13"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.14"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.5"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.8"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.9"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}