AttackerKB AKB:21E9B361-F38E-4B8E-BB46-E845FCB352C5
Feb 06, 2019
attackerkb.com

CVE-2019-7548

EPSS: 0.002 (Low), percentile 55.2%

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

Recent assessments:

kevthehermit at April 23, 2020 8:30pm UTC reported:

SQLAlchemy is one of the most popular ORMs for Python / SQL database interaction. It is heavily used in Python web applications with frameworks like Flask and Django.

ORMs are heavily used as they remove the need for raw queries, which also adds input sanitization as part of the process.

This specific exploit would allow SQL Injection if an attacker can control the input sent to group_by, as this field was not being filtered. This could result in full DB compromise, including the compromise of credentials.

Whilst the use of SQLAlchemy is fairly common the specific requirements around the version and the group_by parameter being accessible to an end-user may not be as common.

Assessed Attacker Value: 3
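The assessment above turns on one point: a client-controlled value reached group_by without being filtered. The example below is added here and is not code from the AttackerKB page or from the SQLAlchemy project; it shows the general mitigation a defender applies to any user-chosen GROUP BY column, namely mapping the request value through a fixed allowlist of column identifiers so the raw string never reaches SQL. It uses the standard-library sqlite3 module rather than SQLAlchemy so that it runs with no dependencies; the table, rows and request values are constructed for the demonstration.

```python
"""Added example (not from the AttackerKB page or the SQLAlchemy project):
defensive handling of a user-controlled GROUP BY column. The request value
is resolved through an allowlist; anything unknown is rejected before any
SQL is built. Schema, rows and request values are constructed fixtures."""
import sqlite3

# Allowlist: the only GROUP BY targets the application is willing to expose.
# Keys are what a client may send; values are the application's own column names.
GROUP_BY_ALLOWLIST = {
    "status": "status",
    "region": "region",
}


def resolve_group_by(requested: str) -> str:
    """Return the vetted column name for a client-supplied group_by value.

    Anything not present in the allowlist is refused with ValueError, so the
    raw request string can never be spliced into a query.
    """
    try:
        return GROUP_BY_ALLOWLIST[requested]
    except KeyError:
        raise ValueError(f"unsupported group_by value: {requested!r}") from None


def count_orders_grouped(conn: sqlite3.Connection, requested_group_by: str) -> list:
    """Count rows of the constructed `orders` table grouped by a client-chosen column."""
    column = resolve_group_by(requested_group_by)
    # `column` is one of our own fixed identifiers (from the allowlist values),
    # never the request value itself, so quoting it into the statement is safe.
    sql = f'SELECT "{column}", COUNT(*) FROM orders GROUP BY "{column}" ORDER BY 1'
    return conn.execute(sql).fetchall()


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory fixture for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, status TEXT, region TEXT)")
    conn.executemany(
        "INSERT INTO orders (status, region) VALUES (?, ?)",
        [("open", "eu"), ("closed", "eu"), ("open", "us"), ("open", "eu")],
    )
    return conn


def demo() -> dict:
    """Run the allowed groupings and confirm an unknown value is refused."""
    conn = build_demo_db()
    results = {
        "by_status": count_orders_grouped(conn, "status"),
        "by_region": count_orders_grouped(conn, "region"),
    }
    # A value that is not a known column is refused outright, whatever it contains.
    try:
        count_orders_grouped(conn, "status; --")
        results["rejected"] = False
    except ValueError:
        results["rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that the allowlist maps request values to column names rather than checking the request value against a pattern: a mapping cannot be tricked by a cleverly shaped string, and it also lets the external API vocabulary differ from the internal schema. With an ORM the same idea applies by resolving the request value to a column object (for example an entry in a dict of model columns) and passing that object, never the string, to the query builder.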