First published: Fri Feb 01 2019
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sqlalchemy Sqlalchemy | =1.2.17 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
openSUSE Backports SLE | =15.0 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Eus | =8.1 | |
Redhat Enterprise Linux Eus | =8.2 | |
Redhat Enterprise Linux Eus | =8.4 | |
Redhat Enterprise Linux Server Aus | =8.2 | |
Redhat Enterprise Linux Server Aus | =8.4 | |
Redhat Enterprise Linux Server Tus | =8.2 | |
Redhat Enterprise Linux Server Tus | =8.4 | |
Oracle Communications Operations Monitor | =4.2 | |
Oracle Communications Operations Monitor | =4.3 | |
pip/SQLAlchemy | <1.2.19 | 1.2.19 |
CVE-2019-7548 is a vulnerability in SQLAlchemy 1.2.17 that allows SQL injection when the group_by parameter can be controlled.
CVE-2019-7548 has a severity rating of 7.8, which is considered high.
SQLAlchemy versions up to 1.2.17 are affected by CVE-2019-7548.
To fix CVE-2019-7548, update to SQLAlchemy version 1.3.0 or higher.