Back to search
CVE-2017-10804
Published: Jul 4, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/odoo/odoo/issues/17914
x_refsource_CONFIRM
http://initd.org/psycopg/docs/news.html#what-s-new-in-psycopg-2-6-3
x_refsource_CONFIRM
https://github.com/psycopg/psycopg2/issues/420
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now