Moderate severity · NVD Advisory · Published Apr 20, 2020 · Updated Aug 4, 2024
SQL injection in Tortoise ORM
CVE-2020-11010
Description
In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their case-insensitive counterparts).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tortoise-orm (PyPI) | < 0.15.23 | 0.15.23 |
| tortoise-orm (PyPI) | >= 0.16.0, < 0.16.6 | 0.16.6 |
Affected products
- Range: < 0.15.23
References
- github.com/advisories/GHSA-9j2c-x8qm-qmjq (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-11010 (ghsa; ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/tortoise-orm/PYSEC-2020-144.yaml (ghsa; WEB)
- github.com/tortoise/tortoise-orm/commit/91c364053e0ddf77edc5442914c6f049512678b3 (ghsa; x_refsource_MISC; WEB)
- github.com/tortoise/tortoise-orm/security/advisories/GHSA-9j2c-x8qm-qmjq (ghsa; x_refsource_CONFIRM; WEB)