Vulnerability Details CVE-2018-14733
The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 75.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/OCA/server-tools/issues/1335
- https://github.com/OCA/server-tools/tree/10.0/dbfilter_from_header
- https://github.com/OCA/server-tools/tree/11.0/dbfilter_from_header
- https://github.com/OCA/server-tools/tree/8.0/dbfilter_from_header
- https://github.com/OCA/server-tools/tree/9.0/dbfilter_from_header
- https://github.com/OCA/server-tools/issues/1335
- https://github.com/OCA/server-tools/tree/10.0/dbfilter_from_header
- https://github.com/OCA/server-tools/tree/11.0/dbfilter_from_header
- https://github.com/OCA/server-tools/tree/8.0/dbfilter_from_header
- https://github.com/OCA/server-tools/tree/9.0/dbfilter_from_header