CVE-2018-14887

Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request.
References
Link Resource
https://github.com/odoo/odoo/commits/master Third Party Advisory
https://github.com/odoo/odoo/issues/32511 Issue Tracking Patch Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:11.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:11.0:*:*:*:enterprise:*:*:*

History

No history.

Information

Published : 2019-06-28 18:15

Updated : 2024-02-04 20:20


NVD link : CVE-2018-14887

Mitre link : CVE-2018-14887

CVE.ORG link : CVE-2018-14887


JSON object : View

Products Affected

odoo

  • odoo
CWE
CWE-20

Improper Input Validation