Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-14733

The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances.

Published

2019-07-05T20:15:13.907

Last Modified

2024-11-21T03:49:41.863

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	odoo	odoo	8.0	Yes
Application	odoo	odoo	8.0	Yes
Application	odoo	odoo	9.0	Yes
Application	odoo	odoo	9.0	Yes
Application	odoo	odoo	10.0	Yes
Application	odoo	odoo	10.0	Yes
Application	odoo	odoo	11.0	Yes
Application	odoo	odoo	11.0	Yes

References

https://github.com/OCA/server-tools/issues/1335 Mitigation, Third Party Advisory ([email protected])
https://github.com/OCA/server-tools/tree/10.0/dbfilter_from_header Third Party Advisory ([email protected])
https://github.com/OCA/server-tools/tree/11.0/dbfilter_from_header Third Party Advisory ([email protected])
https://github.com/OCA/server-tools/tree/8.0/dbfilter_from_header Third Party Advisory ([email protected])
https://github.com/OCA/server-tools/tree/9.0/dbfilter_from_header Third Party Advisory ([email protected])
https://github.com/OCA/server-tools/issues/1335 Mitigation, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OCA/server-tools/tree/10.0/dbfilter_from_header Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OCA/server-tools/tree/11.0/dbfilter_from_header Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OCA/server-tools/tree/8.0/dbfilter_from_header Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OCA/server-tools/tree/9.0/dbfilter_from_header Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)