SQLAlchemy 1.2.17 is vulnerable to SQL injection when the group_by parameter can be controlled by an attacker.

CPE

Name | Operator | Version |
---|---|---|
sqlalchemy | eq | 0.2.0 |
sqlalchemy | eq | 1.0.14 |
sqlalchemy | eq | 1.1.11 |
sqlalchemy | eq | 1.2.0b1 |
sqlalchemy | eq | 1.2.13 |
sqlalchemy | eq | 0.6.5 |
sqlalchemy | eq | 1.0.1 |
sqlalchemy | eq | 0.4.2 |
sqlalchemy | eq | 1.0.0b4 |
sqlalchemy | eq | 1.2.16 |

lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html
access.redhat.com/errata/RHSA-2019:0981
access.redhat.com/errata/RHSA-2019:0984
github.com/advisories/GHSA-38fc-9xqv-7f7q
github.com/no-security/sqlalchemy_test
github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518
lists.debian.org/debian-lts-announce/2019/03/msg00020.html
www.oracle.com/security-alerts/cpujan2021.html