Full Disclosure mailing list archives
SSD Advisory – Odoo CRM Code Execution
From: Maor Shwartz <maors () beyondsecurity com>
Date: Sun, 2 Jul 2017 08:47:58 +0300
Hi,

Link: https://blogs.securiteam.com/index.php/archives/3246
Twitter: @SecuriTeam_SSD

Vulnerability Summary
The following advisory describes arbitrary Python code execution found in Odoo CRM version 10.0.

Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc. Odoo’s unique value proposition is to be at the same time very easy to use and fully integrated.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Odoo has done a private disclosure for the issue we reported, and the patch was merged in all supported branches. The full public disclosure will be available at https://github.com/odoo/odoo/issues/17898.

The full write-up is attached.

--
Thanks
Maor Shwartz
GPG Key ID: 93CC36E2DE7FF514
Attachment:
SSD Advisory – Odoo CRM Code Execution – SecuriTeam Blogs.pdf