CVE 2021-23166
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.
See the
CVE page on Mitre.org
for more details.