CVE-2019-7164

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-7164
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7164.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-7164
Aliases
Related
Published
2019-02-20T00:29:00Z
Modified
2024-10-12T05:18:33.725492Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

References

Affected packages

Debian:11 / sqlalchemy

Package

Name
sqlalchemy
Purl
pkg:deb/debian/sqlalchemy?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.18+ds1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / sqlalchemy

Package

Name
sqlalchemy
Purl
pkg:deb/debian/sqlalchemy?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.18+ds1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / sqlalchemy

Package

Name
sqlalchemy
Purl
pkg:deb/debian/sqlalchemy?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.18+ds1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/sqlalchemy/sqlalchemy

Affected ranges

Type
GIT
Repo
https://github.com/sqlalchemy/sqlalchemy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

origin
rel_0_1_0
rel_0_1_1
rel_0_1_2
rel_0_1_3
rel_0_1_4
rel_0_1_5
rel_0_1_6
rel_0_1_7
rel_0_2_0
rel_0_2_1
rel_0_2_2
rel_0_2_3
rel_0_2_4
rel_0_2_5
rel_0_2_6
rel_0_2_7
rel_0_2_8
rel_0_3_0
rel_0_3_1
rel_0_3_10
rel_0_3_2
rel_0_3_3
rel_0_3_4
rel_0_3_5
rel_0_3_6
rel_0_3_7
rel_0_3_8
rel_0_3_9
rel_0_4_0
rel_0_4_1
rel_0_4_2
rel_0_4_2a
rel_0_4_2b
rel_0_4_2p3
rel_0_4_3
rel_0_4_4
rel_0_4_5
rel_0_4beta1
rel_0_4beta2
rel_0_4beta3
rel_0_4beta4
rel_0_4beta6
rel_0_5_0
rel_0_5_1
rel_0_5_2
rel_0_5_3
rel_0_5_4
rel_0_5_4p1
rel_0_5_4p2
rel_0_5_5
rel_0_5beta1
rel_0_5beta2
rel_0_5beta3
rel_0_5rc1
rel_0_5rc2
rel_0_5rc3
rel_0_5rc4
rel_0_6_0
rel_0_6_1
rel_0_6_2
rel_0_6_3
rel_0_6_4
rel_0_6_5
rel_0_6beta1
rel_0_6beta2
rel_0_6beta3
rel_0_7_0
rel_0_7_1
rel_0_7_2
rel_0_7_3
rel_0_7_4
rel_0_7_5
rel_0_7_6
rel_0_7b1
rel_0_7b2
rel_0_7b3
rel_0_7b4
rel_0_8_0
rel_0_8_0b1
rel_0_8_0b2
rel_0_8_1
rel_0_9_0
rel_0_9_0b1
rel_0_9_1
rel_0_9_2
rel_0_9_3
rel_0_9_4
rel_1_0_0
rel_1_0_0_b3
rel_1_0_0b1
rel_1_0_0b2
rel_1_0_0b4
rel_1_0_0b5
rel_1_0_1
rel_1_0_2
rel_1_0_3
rel_1_0_4
rel_1_0_5
rel_1_0_6
rel_1_0_7
rel_1_0_8
rel_1_1_0
rel_1_1_0b2
rel_1_1_0b3
rel_1_1_1
rel_1_1_2
rel_1_1_3
rel_1_1_4
rel_1_1_5
rel_1_1_6
rel_1_2_0
rel_1_2_0b1
rel_1_2_0b2
rel_1_2_1
rel_1_2_10
rel_1_2_11
rel_1_2_12
rel_1_2_13
rel_1_2_14
rel_1_2_15
rel_1_2_16
rel_1_2_17
rel_1_2_2
rel_1_2_3
rel_1_2_4
rel_1_2_5
rel_1_2_6
rel_1_2_7
rel_1_2_8
rel_1_2_9