CVE-2012-0805 – sqlalchemy
Package
Manager: pip
Name: sqlalchemy
Vulnerable Version: >=0 <0.7.0b4
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.01649 (percentile: 0.81286)
Details
SQLAlchemy vulnerable to SQL injection
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
Metadata
Created: 2022-05-14T03:49:27Z
Modified: 2024-10-28T14:40:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hfg2-wf6j-x53p/GHSA-hfg2-wf6j-x53p.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-hfg2-wf6j-x53p
Finding: F297
Auto approve: 1