Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/trytond@3.6.8
Type pypi
Namespace
Name trytond
Version 3.6.8
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.2.21
Latest_non_vulnerable_version 5.0.6
Affected_by_vulnerabilities
0
url VCID-d2ex-b38e-bbg2
vulnerability_id VCID-d2ex-b38e-bbg2
summary Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
references
0
reference_url https://bugs.tryton.org/issue5795
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://bugs.tryton.org/issue5795
1
reference_url http://www.debian.org/security/2016/dsa-3656
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url http://www.debian.org/security/2016/dsa-3656
2
reference_url http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html
fixed_packages
0
url pkg:pypi/trytond@3.6.12
purl pkg:pypi/trytond@3.6.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ye2t-2sf7-6fd6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@3.6.12
1
url pkg:pypi/trytond@3.8.8
purl pkg:pypi/trytond@3.8.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ye2t-2sf7-6fd6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@3.8.8
2
url pkg:pypi/trytond@4.0.4
purl pkg:pypi/trytond@4.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ye2t-2sf7-6fd6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@4.0.4
aliases CVE-2016-1241, PYSEC-2016-12, PYSEC-2016-40
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d2ex-b38e-bbg2
1
url VCID-dn5v-2sp3-5uez
vulnerability_id VCID-dn5v-2sp3-5uez
summary file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
references
0
reference_url https://bugs.tryton.org/issue5808
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://bugs.tryton.org/issue5808
1
reference_url http://www.debian.org/security/2016/dsa-3656
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
url http://www.debian.org/security/2016/dsa-3656
2
reference_url http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
url http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html
fixed_packages
0
url pkg:pypi/trytond@3.6.12
purl pkg:pypi/trytond@3.6.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ye2t-2sf7-6fd6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@3.6.12
1
url pkg:pypi/trytond@3.8.8
purl pkg:pypi/trytond@3.8.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ye2t-2sf7-6fd6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@3.8.8
2
url pkg:pypi/trytond@4.0.4
purl pkg:pypi/trytond@4.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ye2t-2sf7-6fd6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@4.0.4
aliases CVE-2016-1242, PYSEC-2016-13, PYSEC-2016-41
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dn5v-2sp3-5uez
2
url VCID-ye2t-2sf7-6fd6
vulnerability_id VCID-ye2t-2sf7-6fd6
summary file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
references
0
reference_url http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8
reference_id
reference_type
scores
url http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8
1
reference_url https://lists.debian.org/debian-security-announce/2017/msg00084.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-security-announce/2017/msg00084.html
2
reference_url http://www.debian.org/security/2017/dsa-3826
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3826
3
reference_url http://www.securityfocus.com/bid/97489
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/97489
fixed_packages
0
url pkg:pypi/trytond@4.2.3
purl pkg:pypi/trytond@4.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kjnf-nmzs-c7b5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@4.2.3
aliases CVE-2017-0360, PYSEC-2017-97
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ye2t-2sf7-6fd6
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/trytond@3.6.8