VulnerableCode Package Details - pkg:pypi/trytond@4.0.10

Search for packages

Vulnerability	Summary	Fixed by
VCID-bt9e-28y7-efh3 Aliases: CVE-2025-66422 GHSA-jqfc-9q34-prhg	trytond allows remote attackers to obtain sensitive trace-back (server setup) information Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.	6.0.70 Affected by 0 other vulnerabilities. 7.0.40 Affected by 0 other vulnerabilities. 7.4.21 Affected by 0 other vulnerabilities. 7.6.11 Affected by 0 other vulnerabilities.
VCID-nkhg-m2cc-vbfm Aliases: CVE-2017-0360 GHSA-7cwg-2575-3546 PYSEC-2017-97	file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.	4.2.3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-bt9e-28y7-efh3
Aliases:
CVE-2025-66422
GHSA-jqfc-9q34-prhg

trytond allows remote attackers to obtain sensitive trace-back (server setup) information Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

6.0.70
Affected by 0 other vulnerabilities.

7.0.40
Affected by 0 other vulnerabilities.

7.4.21
Affected by 0 other vulnerabilities.

7.6.11
Affected by 0 other vulnerabilities.

VCID-nkhg-m2cc-vbfm
Aliases:
CVE-2017-0360
GHSA-7cwg-2575-3546
PYSEC-2017-97

file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.

4.2.3
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-nkhg-m2cc-vbfm	file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.	CVE-2017-0360 GHSA-7cwg-2575-3546 PYSEC-2017-97

Vulnerability

Summary

Aliases

VCID-nkhg-m2cc-vbfm

CVE-2017-0360
GHSA-7cwg-2575-3546
PYSEC-2017-97

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-01T09:13:59.578231+00:00	GitLab Importer	Affected by	VCID-bt9e-28y7-efh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/trytond/CVE-2025-66422.yml	38.6.0
2026-06-01T06:39:12.195834+00:00	GitLab Importer	Fixing	VCID-nkhg-m2cc-vbfm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/trytond/CVE-2017-0360.yml	38.6.0
2026-05-31T09:36:58.189402+00:00	PyPI Importer	Affected by	VCID-nkhg-m2cc-vbfm	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-30T20:17:13.619360+00:00	Pypa Importer	Affected by	VCID-nkhg-m2cc-vbfm	https://github.com/pypa/advisory-database/blob/main/vulns/trytond/PYSEC-2017-97.yaml	38.6.0