Critical severity · NVD Advisory · Published Jun 5, 2012 · Updated Jun 16, 2026
CVE-2012-0805
Description
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| SQLAlchemy (PyPI) | < 0.7.0b4 | 0.7.0b4 |
Affected products
- cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:sqlalchemy:sqlalchemy:0.7.0:b1:*:*:*:*:*:*
- cpe:2.3:a:sqlalchemy:sqlalchemy:0.7.0:b2:*:*:*:*:*:*
- cpe:2.3:a:sqlalchemy:sqlalchemy:*:b3:*:*:*:*:*:* (range: <=0.7.0)
References
- www.sqlalchemy.org/trac/changeset/852b6a1a87e7 (nvd: Exploit, Patch)
- secunia.com/advisories/48327 (nvd: Vendor Advisory)
- secunia.com/advisories/48328 (nvd: Vendor Advisory)
- secunia.com/advisories/48771 (nvd: Vendor Advisory)
- github.com/advisories/GHSA-hfg2-wf6j-x53p (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-0805 (ghsa: ADVISORY)
- rhn.redhat.com/errata/RHSA-2012-0369.html (nvd: WEB)
- www.debian.org/security/2012/dsa-2449 (nvd: WEB)
- www.sqlalchemy.org/changelog/CHANGES_0_7_0 (nvd: WEB)
- www.sqlalchemy.org/trac/changeset/852b6a1a87e7 (ghsa: WEB)
- bugs.launchpad.net/keystone/+bug/918608 (nvd: WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/73756 (nvd: WEB)
- github.com/pypa/advisory-database/tree/main/vulns/sqlalchemy/PYSEC-2012-9.yaml (ghsa: WEB)
- github.com/sqlalchemy/sqlalchemy/commit/51fea2e159ca93daa0bc8066a5c35d8436d99418 (ghsa: WEB)
- web.archive.org/web/20140721183117/http://secunia.com/advisories/48771 (ghsa: WEB)
- web.archive.org/web/20140802043526/http://secunia.com/advisories/48328 (ghsa: WEB)
- web.archive.org/web/20140802044957/http://secunia.com/advisories/48327 (ghsa: WEB)
- www.mandriva.com/security/advisories (nvd)