Description
Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system.
References
- Patch, Third Party Advisory
- Patch, Third Party Advisory
Vulnerable configurations
Configuration 1
One of:
- cpe:2.3:a:odoo:odoo:*:*:*:*:community:*:*:* (versions up to and including 11.0)
- cpe:2.3:a:odoo:odoo:*:*:*:*:enterprise:*:*:* (versions up to and including 11.0)
EPSS: 0.0224 (Low), percentile: 84%
CVSS3: 9.1 Critical
CVSS2: 9 Critical
Weaknesses
CWE-78
Related vulnerabilities
CVSS3: 9.1
debian
more than 6 years ago
Improper sanitization of dynamic user expressions in Odoo Community 11 ...
github
more than 3 years ago
Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system.