Hi, Link: https://blogs.securiteam.com/index.php/archives/3246 Twitter: @SecuriTeam_SSD Vulnerability Summary The following advisory describe arbitrary Python code execution found in Odoo CRM version 10.0 Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc. Odoo’s unique value proposition is to be at the same time very easy to use and fully integrated. Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response Odoo has done a private disclosure for the issue we reported, and the patch was merged in all supported branches. The full public disclosure will be available at https://github.com/odoo/odoo/issues/17898. The full write-up is attached -- Thanks Maor Shwartz GPG Key ID: 93CC36E2DE7FF514
Attachment:
SSD Advisory – Odoo CRM Code Execution – SecuriTeam Blogs.pdf
Description: Adobe PDF document
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/