CVE-2020-29396

NameCVE-2020-29396
DescriptionA sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
odoo (PTS)bullseye (security), bullseye14.0.0+dfsg.2-7+deb11u1fixed
sid16.0.0+dfsg.2-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
odoosource(unstable)(not affected)

Notes

- odoo <not-affected> (Fixed before initial upload to Debian)
https://github.com/odoo/odoo/issues/63712
Search for package or bug name: Reporting problems