Описание
Tryton allow authenticated users with certain permissions to read arbitrary files via the name parameter
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-1242
- https://bugs.tryton.org/issue5808
- https://github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2016-41.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2016-13.yaml
- http://www.debian.org/security/2016/dsa-3656
- http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html
Пакеты
trytond
< 3.2.17
3.2.17
trytond
>= 3.4, < 3.4.14
3.4.14
trytond
>= 3.6, < 3.6.12
3.6.12
trytond
>= 3.8, < 3.8.8
3.8.8
trytond
>= 4.0, < 4.0.4
4.0.4
Связанные уязвимости
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3 ...
Security update for GNU Health and it's dependencies