CVE-2020-29396

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-29396

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-29396.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-29396

Aliases

BIT-odoo-2020-29396

Downstream

UBUNTU-CVE-2020-29396

Withdrawn

2026-05-04T08:33:22.250999Z

Published

2020-12-22T17:15:13.550Z

Modified

2026-05-04T08:33:22.250999Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "11.0"
            },
            {
                "last_affected": "13.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "11.0"
            },
            {
                "last_affected": "13.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "11.0"
            },
            {
                "last_affected": "13.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "11.0"
            },
            {
                "last_affected": "13.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-29396.json"