Safety vulnerability ID: 52946
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Sqlalchemy 0.7.0 includes a fix for CVE-2012-0805: Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
https://docs.sqlalchemy.org/en/20/changelog/changelog_07.html#change-0.7.0
Latest version: 2.0.30
Database Abstraction Library
CVE-2012-0805 python-sqlalchemy: SQL injection flaw due to not checking LIMIT input for correct type See CVE-2012-0805.
MISC:48327: http://secunia.com/advisories/48327
MISC:48328: http://secunia.com/advisories/48328
MISC:48771: http://secunia.com/advisories/48771
MISC:DSA-2449: http://www.debian.org/security/2012/dsa-2449
MISC:MDVSA-2012:059: http://www.mandriva.com/security/advisories?name=MDVSA-2012:059
MISC:RHBZ#783305: https://bugzilla.redhat.com/show_bug.cgi?id=783305
MISC:RHSA-2012:0369: http://rhn.redhat.com/errata/RHSA-2012-0369.html
MISC:RHSA-2012:0369: https://access.redhat.com/errata/RHSA-2012:0369
MISC:http://www.sqlalchemy.org/changelog/CHANGES_0_7_0: http://www.sqlalchemy.org/changelog/CHANGES_0_7_0
MISC:http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/: http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/
MISC:https://access.redhat.com/security/cve/CVE-2012-0805: https://access.redhat.com/security/cve/CVE-2012-0805
MISC:https://bugs.launchpad.net/keystone/+bug/918608: https://bugs.launchpad.net/keystone/+bug/918608
MISC:sqlalchemy-select-sql-injection(73756): https://exchange.xforce.ibmcloud.com/vulnerabilities/73756
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application