FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py39-sqlalchemy10 -- multiple SQL Injection vulnerabilities

Affected packages
py39-sqlalchemy10 < 1.3.0

Details

VuXML ID e4181981-ccf1-11ed-956f-7054d21a9e2a
Discovery 2019-02-06
Entry 2023-03-28

21k reports:

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

[source]

nosecurity reports:

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

[source]

References

CVE Name CVE-2019-7164
CVE Name CVE-2019-7548
URL https://osv.dev/vulnerability/GHSA-38fc-9xqv-7f7q
URL https://osv.dev/vulnerability/GHSA-887w-45rq-vxgf
URL https://osv.dev/vulnerability/PYSEC-2019-123
URL https://osv.dev/vulnerability/PYSEC-2019-124

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.