GHSA-hfg2-wf6j-x53p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hfg2-wf6j-x53p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hfg2-wf6j-x53p/GHSA-hfg2-wf6j-x53p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hfg2-wf6j-x53p
- Aliases
- Published
- 2022-05-14T03:49:27Z
- Modified
- 2024-10-28T15:04:29.386399Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- SQLAlchemy vulnerable to SQL injection
- Details
-
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
- Database specific
{ "nvd_published_at": "2012-06-05T22:55:00Z", "cwe_ids": [ "CWE-89" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-04-30T08:33:05Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2012-0805
- https://github.com/sqlalchemy/sqlalchemy/commit/51fea2e159ca93daa0bc8066a5c35d8436d99418
- https://bugs.launchpad.net/keystone/+bug/918608
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73756
- https://github.com/pypa/advisory-database/tree/main/vulns/sqlalchemy/PYSEC-2012-9.yaml
- https://github.com/sqlalchemy/sqlalchemy
- https://web.archive.org/web/20140721183117/http://secunia.com/advisories/48771
- https://web.archive.org/web/20140802043526/http://secunia.com/advisories/48328
- https://web.archive.org/web/20140802044957/http://secunia.com/advisories/48327
- http://rhn.redhat.com/errata/RHSA-2012-0369.html
- http://www.debian.org/security/2012/dsa-2449
- http://www.sqlalchemy.org/changelog/CHANGES_0_7_0
- http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7
Affected packages
PyPI / sqlalchemy
Package
- Name
- sqlalchemy
- View open source insights on deps.dev
- Purl
- pkg:pypi/sqlalchemy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.7.0b4
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.3.10
0.3.11
0.4.0beta1
0.4.0beta2
0.4.0beta3
0.4.0beta4
0.4.0beta5
0.4.0beta6
0.4.0
0.4.1
0.4.2a
0.4.2b
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.5.0beta1
0.5.0beta2
0.5.0beta3
0.5.0rc1
0.5.0rc2
0.5.0rc3
0.5.0rc4
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.6beta1
0.6beta2
0.6beta3
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9