Two critical Security Issues #503
Comments
|
@AquaMCU Unfortunately, Odoo employees don't seem to monitor issues on this repository, so I might suggest raising this via https://www.odoo.com/security-report |
|
@d-fence is there any plan to fix vulnerabilities? Or how you manage it? When I take a look at Docker Hub it is super red :( https://hub.docker.com/_/odoo/tags Thank you
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Following the docker documentation, the official odoo docker image has two critical issues:
https://hub.docker.com/layers/library/odoo/latest/images/sha256-b0eb0d356b153989384f414f884134733fc00f413b5d04ca795bc9c35b11c237?context=repo&tab=vulnerabilities
CVE-2022-29361: Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project
CVE-2023-41419: An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.
I think both can be fixed by updating the effected software within the docker container.
The text was updated successfully, but these errors were encountered: