CVE-2017-10803

Name of the Vulnerable Software and Affected Versions Odoo versions 8.0, 9.0, and 10.0 Odoo Community Edition versions 9.0 and 10.0 Odoo Enterprise Edition versions 9.0 and 10.0

Description The issue arises from insecure handling of anonymization data in the Database Anonymization module, allowing remote authenticated privileged users to execute arbitrary Python code due to the use of unpickle.

Recommendations For Odoo version 8.0, update to a version that includes a fix for the insecure handling of anonymization data. For Odoo Community Edition versions 9.0 and 10.0, update to a version that includes a fix for the insecure handling of anonymization data. For Odoo Enterprise Edition versions 9.0 and 10.0, update to a version that includes a fix for the insecure handling of anonymization data. As a temporary workaround, consider disabling the Database Anonymization module until a patch is available.