Odoo Help


[Alert] How do I patch the 2014-01-safe-eval security bug?

Stephen Mack
on 11/3/14, 8:20 AM 1,984 views

Today [3-November-2014], Odoo announced that there is a security vulnerability with all versions of Odoo/OpenERP.  How is the vulnerability accessed, how do I patch it and what versions are safe?



Stephen Mack
On 11/3/14, 8:22 AM

Details are available here: https://github.com/odoo/odoo/issues/3445

*** Please Note *** 
If you are an Odoo SaaS user/subscriber, your instance has already been patched.

The patch is to the ~/tools/safe_eval.py file and requires the deletion of two lines of code.


Arbitrary code execution using safe eval expressions

Affects: All Odoo/OpenERP versions (6.0, 6.1, 7.0, 8.0 and all versions of SaaS)
Component: Odoo Server
Credit: "duesenfranz"

Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Privileged user account required
CVSS Score: 6.7 (AV:N/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C)

The following list contains the revisions after which the vulnerability was corrected:

I think Odoo should have a special page on the official domain for this kind of announcement.

Ben Bernard
on 11/3/14, 9:02 AM

Agreed. They did post it on their community list: https://www.odoo.com/groups/community-59/community-9673986

Stephen Mack
on 11/3/14, 9:06 AM

So the only thing you need to edit to remove the problems are these lines? 'globals': locals, - 'locals': locals,

on 11/3/14, 9:38 AM

It was not made 100% clear in the GitHub post but it seems so.

Stephen Mack
on 11/3/14, 10:20 AM
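
A quick way to check whether a local copy of tools/safe_eval.py still contains the two entries quoted in the comments above. This is an added example, not code from Odoo or from the posters. It assumes those two entries are the whole change, which the thread leaves unconfirmed; the sample sources and the `allowed_names` name are constructed.

```python
import re
import sys

# The two dict entries quoted in the thread as the lines the patch deletes.
SUSPECT_KEYS = ("globals", "locals")

# One dict entry per line, e.g.  'globals': locals,  (either quote style).
# A commented-out entry does not match because the quote must come first.
ENTRY_RE = re.compile(r"""^\s*(['"])(?P<key>\w+)\1\s*:\s*(?P<value>[\w.]+)\s*,?\s*(#.*)?$""")

# Constructed samples, NOT the real Odoo file; `allowed_names` is a made-up name.
UNPATCHED_SAMPLE = """\
allowed_names = {
    'True': True,
    'False': False,
    'globals': locals,
    'locals': locals,
    'len': len,
}
"""
PATCHED_SAMPLE = """\
allowed_names = {
    'True': True,
    'False': False,
    # 'globals': locals,
    'len': len,
}
"""

def find_exposed_entries(source):
    """Return [(line_no, key, value)] for live entries whose key is suspect."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        m = ENTRY_RE.match(line)
        if m and m.group("key") in SUSPECT_KEYS:
            hits.append((line_no, m.group("key"), m.group("value")))
    return hits

def is_patched(source):
    """True when neither suspect entry is still present in the source text."""
    return not find_exposed_entries(source)

if __name__ == "__main__":
    # Pass the path to your own tools/safe_eval.py; no argument runs the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else UNPATCHED_SAMPLE
    for line_no, key, value in find_exposed_entries(text):
        print("line %d: %r is still exposed as %s" % (line_no, key, value))
    sys.exit(0 if is_patched(text) else 1)
```

A non-zero exit status means at least one of the two entries is still present in the file.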


Asked: 11/3/14, 8:20 AM
Seen: 1984 times
Last updated: 5/20/15, 4:04 AM