CVE-2017-0360: Tryton Information Disclosure Vulnerability
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a “same root name but with a suffix” attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
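The failure mode named above, a "same root name but with a suffix" bypass, is typical of a containment check that compares path strings by prefix: a root of `/srv/tryton/root` also prefixes `/srv/tryton/root_backup/...`. The following is an added illustration, not trytond's own file_open code (the advisory does not reproduce it), written from the advisory's description of the flaw; the root directory and file names are constructed for the example.

```python
import os


def is_within_root_naive(root, path):
    """Prefix comparison of the kind the advisory describes as insufficient.

    Normalises both paths, then asks whether the candidate *string* starts
    with the root *string*.  A sibling directory whose name merely extends
    the root name ("root_backup") passes this check although it lies
    outside the root.
    """
    return os.path.abspath(path).startswith(os.path.abspath(root))


def is_within_root(root, path):
    """Component-wise containment check.

    Resolves symlinks and '..' on both sides, then requires the longest
    common path to be exactly the root.  commonpath() works on path
    components, so "root" and "root_backup" share no component beyond
    "/srv/tryton" and the check correctly fails.
    """
    root_abs = os.path.realpath(root)
    path_abs = os.path.realpath(path)
    try:
        return os.path.commonpath([root_abs, path_abs]) == root_abs
    except ValueError:
        # Raised when the two paths cannot be compared (e.g. different drives).
        return False


def compare_checks(root, candidates):
    """Return {candidate: (naive_verdict, hardened_verdict)} for inspection."""
    return {
        p: (is_within_root_naive(root, p), is_within_root(root, p))
        for p in candidates
    }


if __name__ == "__main__":
    # Constructed sample paths; the root and file names are not from the advisory.
    ROOT = "/srv/tryton/root"
    CANDIDATES = [
        "/srv/tryton/root/reports/q1.pdf",          # legitimately inside
        "/srv/tryton/root_backup/secret.txt",       # sibling with suffix
        "/srv/tryton/root/../root_backup/notes.txt", # '..' into the sibling
    ]
    for path, (naive, hardened) in compare_checks(ROOT, CANDIDATES).items():
        print(f"{path}\n  naive prefix check: {naive}\n  component check:    {hardened}")
```

The naive check accepts the second and third candidates while the component-wise check rejects them; only the first, which genuinely lives under the root, passes both.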
References
- github.com/advisories/GHSA-7cwg-2575-3546
- github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2017-97.yaml
- github.com/tryton/trytond
- github.com/tryton/trytond/commit/30e978593733385db3144f8c583eeb4679575cf0
- github.com/tryton/trytond/commit/a67a7f03c30277515f530cad5950056171ed5bd1
- lists.debian.org/debian-security-announce/2017/msg00084.html
- nvd.nist.gov/vuln/detail/CVE-2017-0360