oval:org.secpod.oval:def:601579
python-sqlalchemy is installed

oval:org.secpod.oval:def:600776
It was discovered that sqlalchemy, an SQL toolkit and object relational mapper for python, is not sanitizing input passed to the limit/offset keywords to select as well as the value passed to select.limit/offset. This allows an attacker to perform SQL injection attacks against applications using sql ...

oval:org.secpod.oval:def:2001596
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

oval:org.secpod.oval:def:2001025
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

*CPE
cpe:/a:python:python-sqlalchemy

© SecPod Technologies