{"id":"PYSEC-2016-13","details":"file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.","aliases":["CVE-2016-1242","GHSA-jpr7-8rxm-4vgx","PYSEC-2016-41"],"modified":"2024-11-21T14:56:55.609858Z","published":"2016-09-07T19:28:00Z","references":[{"type":"WEB","url":"https://bugs.tryton.org/issue5808"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3656"},{"type":"WEB","url":"http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html"}],"affected":[{"package":{"name":"trytond","ecosystem":"PyPI","purl":"pkg:pypi/trytond"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.17"},{"introduced":"3.4"},{"fixed":"3.4.14"},{"introduced":"3.6"},{"fixed":"3.6.12"},{"introduced":"3.8"},{"fixed":"3.8.8"},{"introduced":"4.0"},{"fixed":"4.0.4"}]}],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.2.0","1.2.1","1.2.10","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.2.9","1.4.0","1.4.1","1.4.10","1.4.11","1.4.12","1.4.13","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.4.9","1.6.0","1.6.1","1.6.10","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.8.0","1.8.1","1.8.10","1.8.11","1.8.2","1.8.3","1.8.4","1.8.5","1.8.6","1.8.7","1.8.8","1.8.9","2.0.0","2.0.1","2.0.10","2.0.11","2.0.12","2.0.13","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.2.0","2.2.1","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.2","2.2.3","2.2.4","2.2.5","2.2.6","2.2.7","2.2.8","2.2.9","2.4.0","2.4.1","2.4.10","2.4.11","2.4.12","2.4.13","2.4.14","2.4.15","2.4.16","2.4.2","2.4.3","2.4.4","2.4.5","2.4.6","2.4.7","2.4.8","2.4.9","2.6.0","2.6.1","2.6.10","2.6.11","2.6.12","2.6.13","2.6.14","2.6.15","2.6.16","2.6.17","2.6.18","2.6.2","2.6.3","2.6.4","2.6.5","2.6.6","2.6.7","2.6.8","2.6.9","2.8.0","2.8.1","2.8.10","2.8.11","2.8.12","2.8.13","2.8.14","2.8.15","2.8.16","2.8.2","2.8.3","2.8.4","2.8.5","2.8.6","2.8.7","2.8.8","2.8.9","3.0.0","3.0.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","3.2.0","3.2.1","3.2.10","3.2.11","3.2.12","3.2.13","3.2.14","3.2.15","3.2.16","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6","3.2.7","3.2.8","3.2.9","3.4.0","3.4.1","3.4.10","3.4.11","3.4.12","3.4.13","3.4.2","3.4.3","3.4.4","3.4.5","3.4.6","3.4.7","3.4.8","3.4.9","3.6.0","3.6.1","3.6.10","3.6.11","3.6.2","3.6.3","3.6.4","3.6.5","3.6.6","3.6.7","3.6.8","3.6.9","3.8.0","3.8.1","3.8.2","3.8.3","3.8.4","3.8.5","3.8.6","3.8.7","4.0.0","4.0.1","4.0.2","4.0.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/trytond/PYSEC-2016-13.yaml"}}],"schema_version":"1.7.3"}