PT-2019-9052 · Odoo Community Association+1 · Odoo+1

Nils Hamerlinck

Published

2019-04-26

Updated

2019-07-09

CVE-2018-14733

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Odoo versions 8.x through 11.x

Description The issue concerns a ReDoS (regular expression denial of service) vulnerability in the dbfilter from header module provided by the Odoo Community Association (OCA). This vulnerability affects Odoo under certain circumstances.

Recommendations For Odoo versions 8.x through 11.x, consider disabling the dbfilter from header module as a temporary workaround until a patch is available. Restrict access to potentially vulnerable modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2019-1740

CVE-2018-14733

Affected Products

Alt Linux

Odoo

PT-2019-9052 · Odoo Community Association+1 · Odoo+1

CVE-2018-14733

Weakness Enumeration

Related Identifiers

Affected Products

References · 8