CVE-2020-11010

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-11010

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11010.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-11010

Aliases

Related

GHSA-9j2c-x8qm-qmjq

Published

2020-04-20T22:15:13.587Z

Modified

2026-03-13T22:15:49.068076Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, startswith, or endswith filters (and their case-insensitive counterparts).

References

Affected packages

Git / github.com/tortoise/tortoise-orm

Affected ranges

Type

GIT

Repo

https://github.com/tortoise/tortoise-orm

Events

Introduced

Fixed

d9b0c2ded9ee5a140493f9940dc2abeae4c53aa5

Introduced

558f4651eeb13068b91ff6d50703480cd086fa49

Fixed

50bf70855abbd10833131ff8f8ee3add5a563db7

Fixed

91c364053e0ddf77edc5442914c6f049512678b3

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.15.23"
        },
        {
            "introduced": "0.16.0"
        },
        {
            "fixed": "0.16.6"
        }
    ]
}

Affected versions

0.*

0.15.19

0.16.0

0.16.1

0.16.2

0.16.3

0.16.4

0.16.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11010.json"