GHSA-r3jc-3qmm-w3pw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r3jc-3qmm-w3pw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-r3jc-3qmm-w3pw/GHSA-r3jc-3qmm-w3pw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-r3jc-3qmm-w3pw
- Aliases
- Related
- Published
- 2024-02-07T17:28:26Z
- Modified
- 2024-02-16T08:20:42.413192Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- SQLAlchemyDA unauthenticated arbitrary SQL query execution
- Details
-
Impact
The vulnerability allows unauthenticated execution of arbitrary SQL statements on the database the SQLAlchemyDA instance is connected to. All users are affected.
Patches
The problem has been patched in version 2.2.
Workarounds
There is no workaround. All users are urged to upgrade to version 2.2
- Database specific
{ "nvd_published_at": "2024-02-07T15:15:08Z", "cwe_ids": [ "CWE-89" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-02-07T17:28:26Z" }- References
-
- https://github.com/zopefoundation/Products.SQLAlchemyDA/security/advisories/GHSA-r3jc-3qmm-w3pw
- https://nvd.nist.gov/vuln/detail/CVE-2024-24811
- https://github.com/zopefoundation/Products.SQLAlchemyDA/commit/e682b99f8406f20bc3f0f2c77153ed7345fd215a
- https://github.com/zopefoundation/Products.SQLAlchemyDA
Affected packages
PyPI / products-sqlalchemyda
Package
- Name
- products-sqlalchemyda
- View open source insights on deps.dev
- Purl
- pkg:pypi/products-sqlalchemyda