Vulnerability Database
Blog
FAQ
GHSA-38fc-9xqv-7f7q
Source
https://github.com/advisories/GHSA-38fc-9xqv-7f7q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-38fc-9xqv-7f7q/GHSA-38fc-9xqv-7f7q.json
Aliases
CVE-2019-7548
PYSEC-2019-124
Published
2019-04-16T15:50:39Z
Modified
2023-11-08T04:01:38.796449Z
Details
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-7548
https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518
https://access.redhat.com/errata/RHSA-2019:0981
https://access.redhat.com/errata/RHSA-2019:0984
https://github.com/advisories/GHSA-38fc-9xqv-7f7q
https://github.com/no-security/sqlalchemy_test
https://github.com/sqlalchemy/sqlalchemy
https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html
https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html
https://www.oracle.com/security-alerts/cpujan2021.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html
Affected packages
PyPI
/
sqlalchemy
Package
Name
sqlalchemy
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
The exact introduced commit is unknown
Fixed
1.3.0
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.3.10
0.3.11
0.4.0beta1
0.4.0beta2
0.4.0beta3
0.4.0beta4
0.4.0beta5
0.4.0beta6
0.4.0
0.4.1
0.4.2a
0.4.2b
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.5.0beta1
0.5.0beta2
0.5.0beta3
0.5.0rc1
0.5.0rc2
0.5.0rc3
0.5.0rc4
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.6beta1
0.6beta2
0.6beta3
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
0.7.10
0.8.0b2
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.10
1.*
1.0.0b1
1.0.0b2
1.0.0b3
1.0.0b4
1.0.0b5
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.1.0b1
1.1.0b2
1.1.0b3
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.2.0b1
1.2.0b2
1.2.0b3
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.17
1.2.18
1.2.19
1.3.0b1
1.3.0b2
1.3.0b3
GHSA-38fc-9xqv-7f7q - OSV