[17.0][SEC] CVSS 5.3 SBOM Dep. lxml 4.8.0 denial of service (or application crash) vulnerability
wilsonmar opened this issue
Wilson Mar commented
After obtaining dependency SBOM from odoo v17.0 at 6f6763b
Run of

```
osv-scanner scan -S odoo_odoo_6f6763b6728335b0728645806d77a0cb7453ffc7.json
```

reported vulnerabilities identified at:

```
╭─────────────────────────────────────┬──────┬──────────────┬────────
│ OSV URL │ CVSS │ PACKAGE │ VERSION
├─────────────────────────────────────┼──────┼──────────────┼────────
│ https://osv.dev/GHSA-wrxv-2j5q-m38w │ 5.3 │ lxml │ 4.8.0
│ https://osv.dev/PYSEC-2022-230 │ │ │
```

Martin Trigaux commented
Same as #165042 (comment), need proof it is applicable and not the proper report channel.