CVE-2024-24811
Published: 2024-02-07
Priority: P2 (65) | Severity: critical, CVSS 3.1 base score 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.88% (54.6th percentile)
SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zope | sqlalchemyda | < 2.2 | 2.2 |
| zopefoundation | products.sqlalchemyda | < 2.2 | 2.2 |
| zopefoundation | products.sqlalchemyda | >= 0 < 2.2 | 2.2 |
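The ranges in the Affected table are what you actually act on. The following is an added example, not code from the SQLAlchemyDA project or from this page: it evaluates an installed or supplied version against those three ranges so an inventory script can flag hosts that still need the 2.2 upgrade. The distribution name "Products.SQLAlchemyDA", the range syntax it parses, and the simplified version ordering are assumptions.

```python
"""Check a Products.SQLAlchemyDA version against the affected ranges for CVE-2024-24811.

Added example for this page, not code from the SQLAlchemyDA project. The range
strings are copied from the Affected table above; the distribution name
"Products.SQLAlchemyDA" and the range syntax handled here are assumptions.
"""
import re
from importlib.metadata import PackageNotFoundError, version as installed_version

# (vendor, product, affected range, fixed version) as the page lists them.
AFFECTED_RANGES = [
    ("zope", "sqlalchemyda", "< 2.2", "2.2"),
    ("zopefoundation", "products.sqlalchemyda", "< 2.2", "2.2"),
    ("zopefoundation", "products.sqlalchemyda", ">= 0 < 2.2", "2.2"),
]

# Pre-release tags rank below a final release of the same number (PEP 440 order).
_PRE_RANK = {"dev": -3, "alpha": -2, "a": -2, "beta": -1, "b": -1, "rc": 0, "c": 0}
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:\.?(dev|alpha|beta|rc|a|b|c)(\d*))?")


def parse_version(text):
    """Return (release_tuple, prerelease_tuple) for '2.1.1', '2.2rc1' or '2.2.dev0'.

    Covers the simple PEP 440 shapes this package has used; epochs, post- and
    local versions are deliberately rejected rather than misordered.
    """
    m = _VERSION_RE.fullmatch(text.strip().lower())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    if m.group(2):
        pre = (_PRE_RANK[m.group(2)], int(m.group(3) or 0))
    else:
        pre = (1, 0)  # a final release sorts above every pre-release of the same number
    return release, pre


def compare(a, b):
    """-1, 0 or 1 like cmp(); trailing zeros are insignificant (2.2 == 2.2.0)."""
    (ra, pa), (rb, pb) = parse_version(a), parse_version(b)
    width = max(len(ra), len(rb))
    ra += (0,) * (width - len(ra))
    rb += (0,) * (width - len(rb))
    if ra != rb:
        return -1 if ra < rb else 1
    if pa != pb:
        return -1 if pa < pb else 1
    return 0


_OPS = {
    "<": lambda c: c < 0, "<=": lambda c: c <= 0, "==": lambda c: c == 0,
    ">": lambda c: c > 0, ">=": lambda c: c >= 0,
}
_CONSTRAINT_RE = re.compile(r"(<=|>=|==|<|>)\s*(\d[\w.]*)")


def in_range(ver, range_text):
    """True when ver satisfies every constraint in a range such as '>= 0 < 2.2'."""
    constraints = _CONSTRAINT_RE.findall(range_text)
    if not constraints:
        raise ValueError(f"no constraints found in {range_text!r}")
    return all(_OPS[op](compare(ver, bound)) for op, bound in constraints)


def is_affected(ver):
    """True when ver falls inside any of the page's affected ranges."""
    return any(in_range(ver, rng) for _, _, rng, _ in AFFECTED_RANGES)


def check_installed(dist="Products.SQLAlchemyDA"):
    """Look up the installed distribution; returns (version or None, affected?)."""
    try:
        ver = installed_version(dist)
    except PackageNotFoundError:
        return None, False
    return ver, is_affected(ver)


if __name__ == "__main__":
    ver, affected = check_installed()
    if ver is None:
        print("Products.SQLAlchemyDA is not installed in this environment")
    else:
        state = "AFFECTED, upgrade to 2.2" if affected else "not affected"
        print(f"Products.SQLAlchemyDA {ver}: {state}")
```

Pre-releases of the fixed version (for example 2.2rc1) sort below 2.2 and are therefore still reported as affected, which matches how the "< 2.2" range is meant to be read; run the script inside the Zope instance's own virtualenv, since that is where the package metadata lives.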
GHSA (published 2024-02-07): CVE-2024-24811 [CRITICAL] CWE-89
SQLAlchemyDA unauthenticated arbitrary SQL query execution
### Impact
The vulnerability allows unauthenticated execution of arbitrary SQL statements on the database the SQLAlchemyDA instance is connected to. All users are affected.
### Patches
The problem has been patched in version 2.2.
### Workarounds
There is no workaround. All users are urged to upgrade to version 2.2.
OSV (published 2024-02-07): CVE-2024-24811 [CRITICAL]
SQLAlchemyDA unauthenticated arbitrary SQL query execution
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- GitHub security advisory: https://github.com/zopefoundation/Products.SQLAlchemyDA/security/advisories/GHSA-r3jc-3qmm-w3pw
- Commit: https://github.com/zopefoundation/Products.SQLAlchemyDA/commit/e682b99f8406f20bc3f0f2c77153ed7345fd215a