OESA-2021-1274
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1274
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2021-1274.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2021-1274
- Upstream
- Published
- 2021-07-24T11:03:03Z
- Modified
- 2025-08-12T05:04:46.805265Z
- Summary
- python-sqlalchemy security update
- Details
-
SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases. It contains a powerful mapping layer that users can choose to work as automatically or as manually, determining relationships based on foreign keys or to bridge the gap between database and domain by letting you define the join conditions explicitly.
Security Fix(es):
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.(CVE-2019-7548)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS-SP1 / python-sqlalchemy
Package
- Name
- python-sqlalchemy
- Purl
- pkg:rpm/openEuler/python-sqlalchemy&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.19-3.oe1
Ecosystem specific
{
"x86_64": [
"python-sqlalchemy-debugsource-1.2.19-3.oe1.x86_64.rpm",
"python-sqlalchemy-debuginfo-1.2.19-3.oe1.x86_64.rpm",
"python2-sqlalchemy-1.2.19-3.oe1.x86_64.rpm",
"python3-sqlalchemy-1.2.19-3.oe1.x86_64.rpm"
],
"src": [
"python-sqlalchemy-1.2.19-3.oe1.src.rpm"
],
"noarch": [
"python-sqlalchemy-help-1.2.19-3.oe1.noarch.rpm"
],
"aarch64": [
"python-sqlalchemy-debuginfo-1.2.19-3.oe1.aarch64.rpm",
"python-sqlalchemy-debugsource-1.2.19-3.oe1.aarch64.rpm",
"python2-sqlalchemy-1.2.19-3.oe1.aarch64.rpm",
"python3-sqlalchemy-1.2.19-3.oe1.aarch64.rpm"
]
}