CVE-2019-7164
Published 2019-02-20
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | sqlalchemy | < sqlalchemy 1.2.18+ds1-2 (bookworm) | sqlalchemy 1.2.18+ds1-2 (bookworm) |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_operations_monitor | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| sqlalchemy | sqlalchemy | <= 1.2.17 | — |
| sqlalchemy | sqlalchemy | — | — |
| sqlalchemy | sqlalchemy | >= 0 < 1.2.18+ds1-2 | 1.2.18+ds1-2 |
| sqlalchemy | sqlalchemy | >= 0 < 1.2.18+ds1-2 | 1.2.18+ds1-2 |
| sqlalchemy | sqlalchemy | >= 0 < 1.2.18+ds1-2 | 1.2.18+ds1-2 |
| sqlalchemy | sqlalchemy | >= 0 < 1.2.18+ds1-2 | 1.2.18+ds1-2 |
| sqlalchemy | sqlalchemy | >= 0 < 1.2.18 | 1.2.18 |
| sqlalchemy | sqlalchemy | >= 1.3.0b1 < 1.3.0b3 | 1.3.0b3 |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL