CVE-2019-7164

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-7164

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7164.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-7164

Aliases

Downstream

DEBIAN-CVE-2019-7164

DLA-1718-1

DLA-2811-1

OESA-2021-1039

OESA-2021-1071

RHSA-2019:0981

RHSA-2019:0984

RLSA-2019:0981

RLSA-2019:0984

SUSE-SU-2019:2211-1

SUSE-SU-2019:2253-1

SUSE-SU-2019:2253-2

SUSE-SU-2019:2261-1

SUSE-SU-2019:2267-1

SUSE-SU-2019:2350-1

SUSE-SU-2019:2374-1

UBUNTU-CVE-2019-7164

openSUSE-SU-2019:2039-1

openSUSE-SU-2019:2064-1

openSUSE-SU-2019:2078-1

openSUSE-SU-2024:11211-1

openSUSE-SU-2024:12915-1

Related

Published

2019-02-20T00:29:00.197Z

Modified

2026-02-23T08:20:37.897633Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

References

Affected packages

Git / gitlab.com/libtiff/libtiff

Affected ranges

Type: GIT
Repo: https://gitlab.com/libtiff/libtiff
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

846d7d97f3254adf388993b195a8079068c22beb

Affected versions

v3.*

v3.5.3

v3.5.4

v3.5.5

v3.5.7

v3.6.0

v3.6.0beta2

v3.6.1

v3.7.0

v3.7.0alpha

v3.7.0beta

v3.7.0beta2

v3.7.1

v3.7.2

v3.7.3

v3.7.4

v3.8.0

v3.8.1

v3.8.2

v4.*

v4.0.0

v4.0.0alpha

v4.0.0alpha4

v4.0.0alpha5

v4.0.0alpha6

v4.0.0beta7

v4.0.1

v4.0.10

v4.0.2

v4.0.3

v4.0.4

v4.0.4beta

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.0.9

v4.1.0

v4.2.0

v4.3.0

v4.3.0rc1

v4.4.0

v4.4.0rc1

v4.5.0

v4.5.0rc1

v4.5.0rc2

v4.5.0rc3

v4.5.1

v4.5.1rc1

v4.5.1rc2

v4.5.1rc3

v4.6.0

v4.6.0rc1

v4.6.0rc2

v4.7.0

v4.7.0rc1

v4.7.0rc2

v4.7.1

v4.7.1rc1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7164.json"