
Two critical Security Issues

Open · AquaMCU opened this issue 2 months ago · 1 comment

Following the docker documentation, the official odoo docker image has two critical issues:

https://hub.docker.com/layers/library/odoo/latest/images/sha256-b0eb0d356b153989384f414f884134733fc00f413b5d04ca795bc9c35b11c237?context=repo&tab=vulnerabilities

CVE-2022-29361: Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project

CVE-2023-41419: An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.

I think both can be fixed by updating the affected software within the docker container.

AquaMCU · May 09 '24 23:05
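A quick way to verify whether an image (or a requirements pin set) is still inside the ranges the two CVE descriptions quote is to compare installed versions against the first fixed releases: Werkzeug 2.1.1 (the advisory says "v2.1.0 and below") and gevent 23.9.0 ("before version 23.9.0"). The script below is an added example and is not the issue author's or the Odoo project's code; the fixed-version floors are taken from the CVE text above, the package names `werkzeug` and `gevent` are the PyPI distribution names, and the "before"/"after" pin dictionaries are constructed samples, not the image's real pins.

```python
"""Check Werkzeug and gevent versions against the ranges named by
CVE-2022-29361 and CVE-2023-41419 (added example, not the project's code)."""
import re
from importlib import metadata

# First release outside each affected range, per the CVE descriptions:
#   CVE-2022-29361: Werkzeug 2.1.0 and below  -> first fixed 2.1.1
#   CVE-2023-41419: gevent before 23.9.0      -> first fixed 23.9.0
FIRST_FIXED = {
    "werkzeug": (2, 1, 1),
    "gevent": (23, 9, 0),
}


def parse_version(text):
    """Turn '2.1.0', '23.9.0.post1' or '3.0.1rc2' into a 3-tuple of ints.

    Only the leading numeric components are kept; pre/post suffixes are
    dropped, which is a deliberate simplification that is adequate for a
    floor check like this one."""
    nums = []
    for part in text.split("."):
        match = re.match(r"\d+", part)
        if not match:
            break
        nums.append(int(match.group()))
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums[:3])


def is_vulnerable(package, version):
    """True when `version` is below the first fixed release for `package`."""
    return parse_version(version) < FIRST_FIXED[package.lower()]


def installed_version(package):
    """Version string of an installed distribution, or None if it is absent."""
    try:
        return metadata.version(package)
    except metadata.PackageNotFoundError:
        return None


def audit(versions=None):
    """Return {package: (version, vulnerable)} for both packages.

    Pass `versions` (a dict of name -> version string, e.g. parsed from
    `pip freeze` run inside the container) to check pins offline; omit it
    to query the interpreter this script runs under."""
    report = {}
    for pkg in FIRST_FIXED:
        ver = versions.get(pkg) if versions is not None else installed_version(pkg)
        if ver is None:
            report[pkg] = (None, False)  # not installed, so not exposed
        else:
            report[pkg] = (ver, is_vulnerable(pkg, ver))
    return report


if __name__ == "__main__":
    # Constructed sample pins (hypothetical, not taken from the odoo image).
    before = {"werkzeug": "2.0.2", "gevent": "21.8.0"}
    after = {"werkzeug": "2.3.7", "gevent": "23.9.1"}
    for label, pins in (("before update", before), ("after update", after)):
        for pkg, (ver, vuln) in audit(pins).items():
            print(f"{label}: {pkg} {ver} -> {'VULNERABLE' if vuln else 'ok'}")
    # Against the running interpreter, e.g. copied into the container and run
    # with `docker run --rm -v $PWD:/chk odoo python3 /chk/check.py`:
    print("this interpreter:", audit())
```

Running it inside the container reports whether the two packages in the image are at or above the fixed releases; running it with a pin dictionary lets you check a proposed requirements update before rebuilding the image.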