CVE-2018-14733

The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
odooodoo
8.0
odooodoo
8.0
odooodoo
9.0
odooodoo
9.0
odooodoo
10.0
odooodoo
10.0
odooodoo
11.0
odooodoo
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
odoo
bullseye (security)
14.0.0+dfsg.2-7+deb11u2
fixed
bullseye
14.0.0+dfsg.2-7+deb11u2
fixed
sid
17.0.0+dfsg3-1
fixed
Common Weakness Enumeration
References
https://github.com/OCA/server-tools/issues/1335
https://github.com/OCA/server-tools/tree/10.0/dbfilter_from_header
https://github.com/OCA/server-tools/tree/11.0/dbfilter_from_header
https://github.com/OCA/server-tools/tree/8.0/dbfilter_from_header
https://github.com/OCA/server-tools/tree/9.0/dbfilter_from_header
https://github.com/OCA/server-tools/issues/1335
https://github.com/OCA/server-tools/tree/10.0/dbfilter_from_header
https://github.com/OCA/server-tools/tree/11.0/dbfilter_from_header
https://github.com/OCA/server-tools/tree/8.0/dbfilter_from_header
https://github.com/OCA/server-tools/tree/9.0/dbfilter_from_header