CVE-2019-7548
- Source
- https://cve.org/CVERecord?id=CVE-2019-7548
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7548.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-7548
- Aliases
- Downstream
- Related
- Published
- 2019-02-06T21:29:01.063Z
- Modified
- 2026-03-15T15:05:24.746929Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html
- https://access.redhat.com/errata/RHSA-2019:0984
- https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:0981
- https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://github.com/no-security/sqlalchemy_test
Affected packages
Git / github.com/sqlalchemy/sqlalchemy
Affected versions
Other
origin
rel_0_1_0
rel_0_1_1
rel_0_1_2
rel_0_1_3
rel_0_1_4
rel_0_1_5
rel_0_1_6
rel_0_1_7
rel_0_2_0
rel_0_2_1
rel_0_2_2
rel_0_2_3
rel_0_2_4
rel_0_2_5
rel_0_2_6
rel_0_2_7
rel_0_2_8
rel_0_3_0
rel_0_3_1
rel_0_3_10
rel_0_3_2
rel_0_3_3
rel_0_3_4
rel_0_3_5
rel_0_3_6
rel_0_3_7
rel_0_3_8
rel_0_3_9
rel_0_4_0
rel_0_4_1
rel_0_4_2
rel_0_4_2a
rel_0_4_2b
rel_0_4_2p3
rel_0_4_3
rel_0_4_4
rel_0_4_5
rel_0_4beta1
rel_0_4beta2
rel_0_4beta3
rel_0_4beta4
rel_0_4beta6
rel_0_5_0
rel_0_5_1
rel_0_5_2
rel_0_5_3
rel_0_5_4
rel_0_5_4p1
rel_0_5_4p2
rel_0_5_5
rel_0_5beta1
rel_0_5beta2
rel_0_5beta3
rel_0_5rc1
rel_0_5rc2
rel_0_5rc3
rel_0_5rc4
rel_0_6_0
rel_0_6_1
rel_0_6_2
rel_0_6_3
rel_0_6_4
rel_0_6_5
rel_0_6beta1
rel_0_6beta2
rel_0_6beta3
rel_0_7_0
rel_0_7_1
rel_0_7_2
rel_0_7_3
rel_0_7_4
rel_0_7_5
rel_0_7_6
rel_0_7b1
rel_0_7b2
rel_0_7b3
rel_0_7b4
rel_0_8_0
rel_0_8_0b1
rel_0_8_0b2
rel_0_8_1
rel_0_9_0
rel_0_9_0b1
rel_0_9_1
rel_0_9_2
rel_0_9_3
rel_0_9_4
rel_1_0_0
rel_1_0_0_b3
rel_1_0_0b1
rel_1_0_0b2
rel_1_0_0b4
rel_1_0_0b5
rel_1_0_1
rel_1_0_2
rel_1_0_3
rel_1_0_4
rel_1_0_5
rel_1_0_6
rel_1_0_7
rel_1_0_8
rel_1_1_0
rel_1_1_0b2
rel_1_1_0b3
rel_1_1_1
rel_1_1_2
rel_1_1_3
rel_1_1_4
rel_1_1_5
rel_1_1_6
rel_1_2_0
rel_1_2_0b1
rel_1_2_0b2
rel_1_2_1
rel_1_2_10
rel_1_2_11
rel_1_2_12
rel_1_2_13
rel_1_2_14
rel_1_2_15
rel_1_2_16
rel_1_2_17
rel_1_2_2
rel_1_2_3
rel_1_2_4
rel_1_2_5
rel_1_2_6
rel_1_2_7
rel_1_2_8
rel_1_2_9
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7548.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.3"
}
]
}
]