Search for packages
| purl | pkg:pypi/tryton@3.2.17 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ye2t-2sf7-6fd6
Aliases: CVE-2017-0360 GHSA-7cwg-2575-3546 PYSEC-2017-97 |
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-d2ex-b38e-bbg2 | Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors. |
CVE-2016-1241
PYSEC-2016-12 PYSEC-2016-40 |
| VCID-dn5v-2sp3-5uez | file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors. |
CVE-2016-1242
GHSA-jpr7-8rxm-4vgx PYSEC-2016-13 PYSEC-2016-41 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:36:50.102356+00:00 | GitLab Importer | Affected by | VCID-ye2t-2sf7-6fd6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tryton/CVE-2017-0360.yml | 38.6.0 |
| 2026-06-02T04:04:23.670662+00:00 | Pypa Importer | Fixing | VCID-d2ex-b38e-bbg2 | https://github.com/pypa/advisory-database/blob/main/vulns/tryton/PYSEC-2016-40.yaml | 38.6.0 |
| 2026-06-02T04:04:22.988624+00:00 | Pypa Importer | Fixing | VCID-dn5v-2sp3-5uez | https://github.com/pypa/advisory-database/blob/main/vulns/tryton/PYSEC-2016-41.yaml | 38.6.0 |