cvedb.io
CVE-2017-10804
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-07-04T18:29:00.227 · Last modified 2026-06-17T01:00:44.267

Summary

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used.

Affected products

odoo — odoo

Does this affect you?

Add your gear to cvedb and we'll alert you only when odoo ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.