Critical severity · NVD Advisory · Published Jun 5, 2012 · Updated Jun 16, 2026

CVE-2012-0805

Description

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package              Affected versions    Patched versions
SQLAlchemy (PyPI)    < 0.7.0b4            0.7.0b4

Affected products

15
    • cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:sqlalchemy:sqlalchemy:0.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:sqlalchemy:sqlalchemy:0.7.0:b1:*:*:*:*:*:*
    • cpe:2.3:a:sqlalchemy:sqlalchemy:0.7.0:b2:*:*:*:*:*:*
    • cpe:2.3:a:sqlalchemy:sqlalchemy:*:b3:*:*:*:*:*:* (range: <=0.7.0)
  • ghsa-coords
    Range: < 0.7.0b4
