Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2019-7164
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
| Software | From | Fixed in |
|---|---|---|
| sqlalchemy / sqlalchemy | - | 1.2.17.x |
| sqlalchemy / sqlalchemy | 1.3.0-beta1 | 1.3.0-beta1.x |
| sqlalchemy / sqlalchemy | 1.3.0-beta2 | 1.3.0-beta2.x |
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 9.0 | 9.0.x |
| opensuse / leap | 15.0 | 15.0.x |
| opensuse / leap | 15.1 | 15.1.x |
| opensuse / backports_sle | 15.0 | 15.0.x |
| redhat / enterprise_linux_eus | 8.1 | 8.1.x |
| redhat / enterprise_linux_eus | 8.2 | 8.2.x |
| redhat / enterprise_linux_server_tus | 8.2 | 8.2.x |
| redhat / enterprise_linux_server_aus | 8.2 | 8.2.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| redhat / enterprise_linux_server_tus | 8.4 | 8.4.x |
| redhat / enterprise_linux_eus | 8.4 | 8.4.x |
| redhat / enterprise_linux_server_aus | 8.4 | 8.4.x |
| oracle / communications_operations_monitor | 4.2 | 4.2.x |
| oracle / communications_operations_monitor | 4.3 | 4.3.x |
SQLAlchemy
|
- | 1.3.0 |
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html
- https://access.redhat.com/errata/RHSA-2019:0981
- https://access.redhat.com/errata/RHSA-2019:0984
- https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414
- https://github.com/sqlalchemy/sqlalchemy/issues/4481
- https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html
- https://www.oracle.com/security-alerts/cpujan2021.html