Vulnerability Database
Blog
FAQ
Docs
GHSA-887w-45rq-vxgf
Suggest an improvement
Source
https://github.com/advisories/GHSA-887w-45rq-vxgf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-887w-45rq-vxgf/GHSA-887w-45rq-vxgf.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-887w-45rq-vxgf
Aliases
CVE-2019-7164
PYSEC-2019-123
Published
2019-04-16T15:50:41Z
Modified
2024-10-28T14:22:47.888415Z
Severity
9.8 (Critical)
CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Calculator
9.3 (Critical)
CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Calculator
Summary
SQLAlchemy vulnerable to SQL Injection via order_by parameter
Details
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-7164
https://github.com/sqlalchemy/sqlalchemy/issues/4481
https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414
https://access.redhat.com/errata/RHSA-2019:0981
https://access.redhat.com/errata/RHSA-2019:0984
https://github.com/advisories/GHSA-887w-45rq-vxgf
https://github.com/pypa/advisory-database/tree/main/vulns/sqlalchemy/PYSEC-2019-123.yaml
https://github.com/sqlalchemy/sqlalchemy
https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html
https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html
https://www.oracle.com/security-alerts/cpujan2021.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html
Affected packages
PyPI
/
sqlalchemy
Package
Name
sqlalchemy
View open source insights on deps.dev
Purl
pkg:pypi/sqlalchemy
Affected ranges
Type
ECOSYSTEM
Events
Introduced
1.3.0b1
Fixed
1.3.0b3
Affected versions
1.*
1.3.0b1
1.3.0b2
PyPI
/
sqlalchemy
Package
Name
sqlalchemy
View open source insights on deps.dev
Purl
pkg:pypi/sqlalchemy
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1.2.18
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.3.10
0.3.11
0.4.0beta1
0.4.0beta2
0.4.0beta3
0.4.0beta4
0.4.0beta5
0.4.0beta6
0.4.0
0.4.1
0.4.2a
0.4.2b
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.5.0beta1
0.5.0beta2
0.5.0beta3
0.5.0rc1
0.5.0rc2
0.5.0rc3
0.5.0rc4
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.6beta1
0.6beta2
0.6beta3
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
0.7.10
0.8.0b2
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.10
1.*
1.0.0b1
1.0.0b2
1.0.0b3
1.0.0b4
1.0.0b5
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.1.0b1
1.1.0b2
1.1.0b3
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.2.0b1
1.2.0b2
1.2.0b3
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.17
GHSA-887w-45rq-vxgf - OSV