odoo / odoo

Odoo. Open Source Apps To Grow Your Business.

Home Page: https://www.odoo.com

[17.0][SEC] CVSS 9.8 SBOM Dep. gevent 21.8.0 allows a remote attacker to escalate privileges via a crafted script

wilsonmar opened this issue

After obtaining the dependency SBOM from odoo v17.0 at 6f6763b, a run of
osv-scanner scan -S odoo_odoo_6f6763b6728335b0728645806d77a0cb7453ffc7.json
reported vulnerabilities identified at:

╭─────────────────────────────────────┬──────┬──────────────┬────────
│ OSV URL                             │ CVSS │ PACKAGE      │ VERSION
├─────────────────────────────────────┼──────┼──────────────┼────────
│ https://osv.dev/GHSA-x7m3-jprg-wc5g │ 9.8  │ gevent       │ 21.8.0 
│ https://osv.dev/PYSEC-2023-177      │      │              │       

Same as #165042 (comment), need proof it is applicable and not the proper report channel.