Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-14860

Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system.

Published

2019-07-03T20:15:10.837

Last Modified

2024-11-21T03:49:56.583

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.1 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	odoo	odoo	≤ 11.0	Yes
Application	odoo	odoo	≤ 11.0	Yes

References

https://github.com/odoo/odoo/issues/32505 Patch, Third Party Advisory ([email protected])
https://github.com/odoo/odoo/issues/32505 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)