PYSEC-2012-9
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/sqlalchemy/PYSEC-2012-9.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2012-9
- Aliases
- Published
- 2012-06-05T22:55:00Z
- Modified
- 2024-04-30T08:56:53.235931Z
- Summary
- [none]
- Details
-
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
- References
-
- https://bugs.launchpad.net/keystone/+bug/918608
- http://rhn.redhat.com/errata/RHSA-2012-0369.html
- http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/
- http://secunia.com/advisories/48771
- http://www.sqlalchemy.org/changelog/CHANGES_0_7_0
- http://secunia.com/advisories/48328
- http://secunia.com/advisories/48327
- http://www.debian.org/security/2012/dsa-2449
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73756
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:059
Affected packages
PyPI / sqlalchemy
Package
- Name
- sqlalchemy
- View open source insights on deps.dev
- Purl
- pkg:pypi/sqlalchemy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.7.0
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.3.10
0.3.11
0.4.0beta1
0.4.0beta2
0.4.0beta3
0.4.0beta4
0.4.0beta5
0.4.0beta6
0.4.0
0.4.1
0.4.2a
0.4.2b
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.5.0beta1
0.5.0beta2
0.5.0beta3
0.5.0rc1
0.5.0rc2
0.5.0rc3
0.5.0rc4
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.6beta1
0.6beta2
0.6beta3
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9