Vulnerability Database
Blog
FAQ
PYSEC-2019-124
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/sqlalchemy/PYSEC-2019-124.yaml
Aliases
CVE-2019-7548
GHSA-38fc-9xqv-7f7q
Published
2019-02-06T21:29:00Z
Modified
2023-11-08T04:01:38.796449Z
Details
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
References
https://github.com/no-security/sqlalchemy_test
https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518
https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html
https://access.redhat.com/errata/RHSA-2019:0984
https://access.redhat.com/errata/RHSA-2019:0981
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://github.com/advisories/GHSA-38fc-9xqv-7f7q
Affected packages
PyPI
/
sqlalchemy
Package
Name
sqlalchemy
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
The exact introduced commit is unknown
Fixed
1.2.18
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.3.10
0.3.11
0.4.0beta1
0.4.0beta2
0.4.0beta3
0.4.0beta4
0.4.0beta5
0.4.0beta6
0.4.0
0.4.1
0.4.2a
0.4.2b
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.5.0beta1
0.5.0beta2
0.5.0beta3
0.5.0rc1
0.5.0rc2
0.5.0rc3
0.5.0rc4
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.6beta1
0.6beta2
0.6beta3
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
0.7.10
0.8.0b2
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.10
1.*
1.0.0b1
1.0.0b2
1.0.0b3
1.0.0b4
1.0.0b5
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.1.0b1
1.1.0b2
1.1.0b3
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.2.0b1
1.2.0b2
1.2.0b3
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.17
PYSEC-2019-124 - OSV