Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/trytond@1.0.1

Type pypi

Namespace

Name trytond

Version 1.0.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.2.21

Latest_non_vulnerable_version 7.6.11

Affected_by_vulnerabilities

url VCID-d2ex-b38e-bbg2

vulnerability_id VCID-d2ex-b38e-bbg2

summary Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.

references

reference_url

https://bugs.tryton.org/issue5795

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://bugs.tryton.org/issue5795

reference_url

http://www.debian.org/security/2016/dsa-3656

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

http://www.debian.org/security/2016/dsa-3656

reference_url

http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html

fixed_packages

url pkg:pypi/trytond@3.2.17

purl pkg:pypi/trytond@3.2.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ye2t-2sf7-6fd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@3.2.17

url pkg:pypi/trytond@3.4.14

purl pkg:pypi/trytond@3.4.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ye2t-2sf7-6fd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@3.4.14

url pkg:pypi/trytond@3.6.12

purl pkg:pypi/trytond@3.6.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ye2t-2sf7-6fd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@3.6.12

url pkg:pypi/trytond@3.8.8

purl pkg:pypi/trytond@3.8.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ye2t-2sf7-6fd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@3.8.8

url pkg:pypi/trytond@4.0.4

purl pkg:pypi/trytond@4.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ye2t-2sf7-6fd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@4.0.4

aliases CVE-2016-1241, PYSEC-2016-12, PYSEC-2016-40

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d2ex-b38e-bbg2

url VCID-dn5v-2sp3-5uez

vulnerability_id VCID-dn5v-2sp3-5uez

summary file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.

references

reference_url

https://bugs.tryton.org/issue5808

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

url

https://bugs.tryton.org/issue5808

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2016-13.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2016-13.yaml

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2016-41.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2016-41.yaml

reference_url	https://github.com/tryton/trytond
reference_id
reference_type
scores
url	https://github.com/tryton/trytond

reference_url

http://www.debian.org/security/2016/dsa-3656

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

url

http://www.debian.org/security/2016/dsa-3656

reference_url

http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

url

http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-1242
reference_id	CVE-2016-1242
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-1242

reference_url	https://github.com/advisories/GHSA-jpr7-8rxm-4vgx
reference_id	GHSA-jpr7-8rxm-4vgx
reference_type
scores
url	https://github.com/advisories/GHSA-jpr7-8rxm-4vgx

fixed_packages

url pkg:pypi/trytond@3.2.17

purl pkg:pypi/trytond@3.2.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ye2t-2sf7-6fd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@3.2.17

url pkg:pypi/trytond@3.4.14

purl pkg:pypi/trytond@3.4.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ye2t-2sf7-6fd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@3.4.14

url pkg:pypi/trytond@3.6.12

purl pkg:pypi/trytond@3.6.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ye2t-2sf7-6fd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@3.6.12

url pkg:pypi/trytond@3.8.8

purl pkg:pypi/trytond@3.8.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ye2t-2sf7-6fd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@3.8.8

url pkg:pypi/trytond@4.0.4

purl pkg:pypi/trytond@4.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ye2t-2sf7-6fd6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@4.0.4

aliases CVE-2016-1242, GHSA-jpr7-8rxm-4vgx, PYSEC-2016-13, PYSEC-2016-41

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dn5v-2sp3-5uez

url VCID-w15z-2nug-ebff

vulnerability_id VCID-w15z-2nug-ebff

summary model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.

references

reference_url	http://hg.tryton.org/trytond/rev/8e64d52ecea4
reference_id
reference_type
scores
url	http://hg.tryton.org/trytond/rev/8e64d52ecea4

reference_url	http://news.tryton.org/2012/03/security-releases-for-all-supported.html
reference_id
reference_type
scores
url	http://news.tryton.org/2012/03/security-releases-for-all-supported.html

reference_url	https://bugs.tryton.org/issue2476
reference_id
reference_type
scores
url	https://bugs.tryton.org/issue2476

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2012-6.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2012-6.yaml

reference_url	https://github.com/tryton/trytond
reference_id
reference_type
scores
url	https://github.com/tryton/trytond

reference_url	https://github.com/tryton/trytond/commit/d059ebb792401ded3129cd9402d7392dc34b81e3
reference_id
reference_type
scores
url	https://github.com/tryton/trytond/commit/d059ebb792401ded3129cd9402d7392dc34b81e3

reference_url	https://web.archive.org/web/20121113201043/http://news.tryton.org/2012/03/security-releases-for-all-supported.html
reference_id
reference_type
scores
url	https://web.archive.org/web/20121113201043/http://news.tryton.org/2012/03/security-releases-for-all-supported.html

reference_url	http://www.debian.org/security/2012/dsa-2444
reference_id
reference_type
scores
url	http://www.debian.org/security/2012/dsa-2444

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2012-0215
reference_id	CVE-2012-0215
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2012-0215

reference_url	https://github.com/advisories/GHSA-cqg4-rf29-3mv6
reference_id	GHSA-cqg4-rf29-3mv6
reference_type
scores
url	https://github.com/advisories/GHSA-cqg4-rf29-3mv6

fixed_packages

url pkg:pypi/trytond@2.2.4

purl pkg:pypi/trytond@2.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d2ex-b38e-bbg2

vulnerability	VCID-dn5v-2sp3-5uez

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@2.2.4

url pkg:pypi/trytond@2.4.0

purl pkg:pypi/trytond@2.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d2ex-b38e-bbg2

vulnerability	VCID-dn5v-2sp3-5uez

vulnerability	VCID-k57g-qscb-yyex

vulnerability	VCID-kf2v-9dsr-6fhg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@2.4.0

aliases CVE-2012-0215, GHSA-cqg4-rf29-3mv6, PYSEC-2012-6

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w15z-2nug-ebff

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@1.0.1

Package Instance