VYPR
Moderate severity · NVD Advisory · Published Apr 20, 2020 · Updated Aug 4, 2024

SQL injection in Tortoise ORM

CVE-2020-11010

Description

In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their case-insensitive counterparts).

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
tortoise-orm (PyPI) | < 0.15.23 | 0.15.23
tortoise-orm (PyPI) | >= 0.16.0, < 0.16.6 | 0.16.6
