CVE-2019-7548
- Source
- https://cve.org/CVERecord?id=CVE-2019-7548
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7548.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-7548
- Aliases
- Downstream
- Related
- Published
- 2019-02-06T21:29:01.063Z
- Modified
- 2026-06-18T03:56:16.521295496Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_STRING", "vendor_product": "debian:debian_linux", "cpes": [ "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "8.0" }, { "last_affected": "9.0" } ] }, { "source": "CPE_STRING", "vendor_product": "opensuse:backports_sle", "cpes": [ "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "15.0-NA" } ] }, { "source": "CPE_STRING", "vendor_product": "opensuse:leap", "cpes": [ "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "15.0" }, { "last_affected": "15.1" } ] }, { "source": "CPE_STRING", "vendor_product": "oracle:communications_operations_monitor", "cpes": [ "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "4.2" }, { "last_affected": "4.3" } ] }, { "source": "CPE_STRING", "vendor_product": "redhat:enterprise_linux", "cpes": [ "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*" ], "extracted_events": [ { "last_affected": "8.0" } ] }, { "source": "CPE_STRING", "vendor_product": "redhat:enterprise_linux_eus", "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "8.1" }, { "last_affected": "8.2" }, { "last_affected": "8.4" } ] }, { "source": "CPE_STRING", "vendor_product": "redhat:enterprise_linux_server_aus", "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "8.2" }, { "last_affected": "8.4" } ] }, { "source": "CPE_STRING", "vendor_product": "redhat:enterprise_linux_server_tus", "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "8.2" }, { "last_affected": "8.4" } ] } ] }- References
-
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html
- https://access.redhat.com/errata/RHSA-2019:0981
- https://access.redhat.com/errata/RHSA-2019:0984
- https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html
- https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://github.com/no-security/sqlalchemy_test
Affected packages
Git / github.com/sqlalchemy/sqlalchemy
Affected ranges
- Type
- GIT
- Repo
- https://github.com/sqlalchemy/sqlalchemy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "source": "CPE_STRING", "cpe": "cpe:2.3:a:sqlalchemy:sqlalchemy:1.2.17:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "0" }, { "last_affected": "1.2.17" } ] }
Affected versions
Other
origin
rel_0_1_0
rel_0_1_1
rel_0_1_2
rel_0_1_3
rel_0_1_4
rel_0_1_5
rel_0_1_6
rel_0_1_7
rel_0_2_0
rel_0_2_1
rel_0_2_2
rel_0_2_3
rel_0_2_4
rel_0_2_5
rel_0_2_6
rel_0_2_7
rel_0_2_8
rel_0_3_0
rel_0_3_1
rel_0_3_10
rel_0_3_2
rel_0_3_3
rel_0_3_4
rel_0_3_5
rel_0_3_6
rel_0_3_7
rel_0_3_8
rel_0_3_9
rel_0_4_0
rel_0_4_1
rel_0_4_2
rel_0_4_2a
rel_0_4_2b
rel_0_4_2p3
rel_0_4_3
rel_0_4_4
rel_0_4_5
rel_0_4beta1
rel_0_4beta2
rel_0_4beta3
rel_0_4beta4
rel_0_4beta6
rel_0_5_0
rel_0_5_1
rel_0_5_2
rel_0_5_3
rel_0_5_4
rel_0_5_4p1
rel_0_5_4p2
rel_0_5_5
rel_0_5beta1
rel_0_5beta2
rel_0_5beta3
rel_0_5rc1
rel_0_5rc2
rel_0_5rc3
rel_0_5rc4
rel_0_6_0
rel_0_6_1
rel_0_6_2
rel_0_6_3
rel_0_6_4
rel_0_6_5
rel_0_6beta1
rel_0_7_0
rel_0_7_1
rel_0_7_2
rel_0_7_3
rel_0_7_4
rel_0_7_5
rel_0_7_6
rel_0_7b1
rel_0_7b2
rel_0_7b3
rel_0_7b4
rel_0_8_0b1
rel_0_8_0b2
rel_0_9_0
rel_0_9_1
rel_0_9_2
rel_0_9_3
rel_0_9_4
rel_1_1_0
rel_1_1_0b2
rel_1_1_0b3
rel_1_1_1
rel_1_1_2
rel_1_1_3
rel_1_1_4
rel_1_1_5
rel_1_1_6
rel_1_2_0
rel_1_2_0b1
rel_1_2_0b2
rel_1_2_1
rel_1_2_10
rel_1_2_11
rel_1_2_12
rel_1_2_13
rel_1_2_14
rel_1_2_15
rel_1_2_16
rel_1_2_17
rel_1_2_2
rel_1_2_3
rel_1_2_4
rel_1_2_5
rel_1_2_6
rel_1_2_7
rel_1_2_8
rel_1_2_9