GHSA-r3jc-3qmm-w3pw

Source

https://github.com/advisories/GHSA-r3jc-3qmm-w3pw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-r3jc-3qmm-w3pw/GHSA-r3jc-3qmm-w3pw.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-r3jc-3qmm-w3pw

Aliases

CVE-2024-24811

Published

2024-02-07T17:28:26Z

Modified

2024-02-16T08:20:42.413192Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

SQLAlchemyDA unauthenticated arbitrary SQL query execution

Details

Impact

The vulnerability allows unauthenticated execution of arbitrary SQL statements on the database the SQLAlchemyDA instance is connected to. All users are affected.

Patches

The problem has been patched in version 2.2.

Workarounds

There is no workaround. All users are urged to upgrade to version 2.2

References

Affected packages

PyPI / products-sqlalchemyda

Package

Name: products-sqlalchemyda; View open source insights on deps.dev
Purl: pkg:pypi/products-sqlalchemyda

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2

Affected versions

0.*

0.4.0

0.4.1

0.5.0

0.5.1

0.6.0b

0.6.0b2

0.6.0b3

0.6.0b4

0.6.0b5

0.6.0b6

0.6.0b7

0.6.1b1

0.6.2b1

0.6.2b2

1.*

1.0.0

1.0.1

1.0.2

1.1.0

2.*

2.0

2.1