{"id":"PYSEC-2017-97","details":"file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.","aliases":["CVE-2017-0360","GHSA-7cwg-2575-3546"],"modified":"2024-04-22T23:11:35.680767Z","published":"2017-04-04T17:59:00Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-security-announce/2017/msg00084.html"},{"type":"WEB","url":"http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8"},{"type":"WEB","url":"http://www.securityfocus.com/bid/97489"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3826"}],"affected":[{"package":{"name":"trytond","ecosystem":"PyPI","purl":"pkg:pypi/trytond"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3"},{"fixed":"4.2.3"}]}],"versions":["3.0.0","3.0.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","3.2.0","3.2.1","3.2.10","3.2.11","3.2.12","3.2.13","3.2.14","3.2.15","3.2.16","3.2.17","3.2.18","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6","3.2.7","3.2.8","3.2.9","3.4.0","3.4.1","3.4.10","3.4.11","3.4.12","3.4.13","3.4.14","3.4.15","3.4.16","3.4.17","3.4.18","3.4.2","3.4.3","3.4.4","3.4.5","3.4.6","3.4.7","3.4.8","3.4.9","3.6.0","3.6.1","3.6.10","3.6.11","3.6.12","3.6.13","3.6.14","3.6.15","3.6.16","3.6.17","3.6.18","3.6.19","3.6.2","3.6.3","3.6.4","3.6.5","3.6.6","3.6.7","3.6.8","3.6.9","3.8.0","3.8.1","3.8.10","3.8.11","3.8.12","3.8.13","3.8.14","3.8.15","3.8.16","3.8.17","3.8.18","3.8.2","3.8.3","3.8.4","3.8.5","3.8.6","3.8.7","3.8.8","3.8.9","4.0.0","4.0.1","4.0.10","4.0.11","4.0.12","4.0.13","4.0.14","4.0.15","4.0.16","4.0.17","4.0.18","4.0.19","4.0.2","4.0.20","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","4.2.0","4.2.1","4.2.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/trytond/PYSEC-2017-97.yaml"}}],"schema_version":"1.7.3"}