OESA-2021-1039
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1039
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2021-1039.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2021-1039
- Upstream
- Published
- 2021-02-10T11:02:37Z
- Modified
- 2025-08-12T05:04:45.813363Z
- Summary
- python-sqlalchemy security update
- Details
-
SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases. It contains a powerful mapping layer that users can choose to work as automatically or as manually, determining relationships based on foreign keys or to bridge the gap between database and domain by letting you define the join conditions explicitly.\r\n\r\n Security Fix(es):\r\n\r\n SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.(CVE-2019-7164)\r\n\r\n
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:20.03-LTS / python-sqlalchemy
Package
- Name
- python-sqlalchemy
- Purl
- pkg:rpm/openEuler/python-sqlalchemy&distro=openEuler-20.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.19-3.oe1
Ecosystem specific
{
"src": [
"python-sqlalchemy-1.2.19-3.oe1.src.rpm"
],
"x86_64": [
"python3-sqlalchemy-1.2.19-3.oe1.x86_64.rpm",
"python-sqlalchemy-debuginfo-1.2.19-3.oe1.x86_64.rpm",
"python2-sqlalchemy-1.2.19-3.oe1.x86_64.rpm",
"python-sqlalchemy-debugsource-1.2.19-3.oe1.x86_64.rpm"
],
"aarch64": [
"python3-sqlalchemy-1.2.19-3.oe1.aarch64.rpm",
"python-sqlalchemy-debugsource-1.2.19-3.oe1.aarch64.rpm",
"python-sqlalchemy-debuginfo-1.2.19-3.oe1.aarch64.rpm",
"python2-sqlalchemy-1.2.19-3.oe1.aarch64.rpm"
],
"noarch": [
"python-sqlalchemy-help-1.2.19-3.oe1.noarch.rpm"
]
}