Description
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.
References
- Patch, Third Party Advisory
- Patch, Third Party Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:*
cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:enterprise:*:*:*
EPSS
Percentile: 81%
0.01551 (Low)
CVSS3: 6.5 Medium
CVSS2: 8.5 High
Weaknesses
CWE-502
Related vulnerabilities
CVSS3: 6.5
debian
more than 8 years ago
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...
CVSS3: 6.5
github
more than 3 years ago
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.