CVE-2018-14865

Published July 3rd, 2019

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote attackers to read local files.

odoo/odoo

Odoo. Open Source Apps To Grow Your Business.

GitHub

52.4K