VYPR

PyPI package

piccolo

pkg:pypi/piccolo

Vulnerabilities (2)

  • CVE-2023-47128 (published Nov 10, 2023)
    affected: < 1.1.1; fixed in: 1.1.1

    Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing

  • CVE-2023-41885 (published Sep 12, 2023)
    affected: < 0.121.0; fixed in: 0.121.0

    Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of `BaseUser.login` leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo o
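The first advisory above (CVE-2023-47128) describes a savepoint name spliced into SQL through an f-string. The example below is added here and is not Piccolo's own code: it shows the unsafe f-string pattern beside a hardened builder that validates the identifier before quoting it, and runs both against an in-memory SQLite database. All names (build_savepoint_sql_unsafe, validate_identifier, demo_unsafe, demo_hardened) and the attacker-controlled savepoint name are constructed for the illustration; a savepoint name is an identifier, not a value, so it cannot be passed as a bound parameter and validation is the only defence.

```python
import re
import sqlite3

# Added example, not Piccolo's own code. All function names below are
# hypothetical; the malicious savepoint name in __main__ is constructed.

# A bare SQL identifier: letters, digits and underscores, not starting with a digit.
IDENTIFIER_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def build_savepoint_sql_unsafe(name: str) -> str:
    """The pattern the advisory describes: the caller-supplied name goes
    straight into an f-string and becomes part of the SQL text."""
    return f"SAVEPOINT {name}"


def validate_identifier(name: str) -> str:
    """Accept only a bare SQL identifier; reject everything else."""
    if not IDENTIFIER_RE.fullmatch(name):
        raise ValueError(f"invalid savepoint name: {name!r}")
    return name


def build_savepoint_sql(name: str) -> str:
    """Hardened form: validate first, then quote the identifier."""
    return f'SAVEPOINT "{validate_identifier(name)}"'


def _fresh_db() -> sqlite3.Connection:
    # isolation_level=None: the sqlite3 module issues no implicit BEGIN, so the
    # savepoint statements below control the transaction themselves.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, name TEXT)")
    return conn


def demo_unsafe(name: str) -> bool:
    """Run the f-string-built statement through executescript, which (like the
    execute() of several async drivers) accepts more than one statement.
    Returns whether the accounts table still exists afterwards."""
    conn = _fresh_db()
    conn.executescript(build_savepoint_sql_unsafe(name))
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'accounts'"
    ).fetchone()
    conn.close()
    return row is not None


def demo_hardened(name: str) -> tuple:
    """Full savepoint lifecycle with a validated, quoted name: insert a row,
    roll back to the savepoint, release it. Returns (table_exists, row_count).
    An injection attempt never reaches the database: validate_identifier raises."""
    ident = validate_identifier(name)
    conn = _fresh_db()
    conn.execute(build_savepoint_sql(ident))          # opens the transaction
    conn.execute("INSERT INTO accounts (name) VALUES ('alice')")
    conn.execute(f'ROLLBACK TO SAVEPOINT "{ident}"')  # undoes the insert
    conn.execute(f'RELEASE SAVEPOINT "{ident}"')      # outermost release commits
    exists = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'accounts'"
    ).fetchone() is not None
    count = conn.execute("SELECT COUNT(*) FROM accounts").fetchone()[0]
    conn.close()
    return exists, count


if __name__ == "__main__":
    malicious = "sp; DROP TABLE accounts"   # constructed attacker-controlled name
    print(build_savepoint_sql_unsafe(malicious))
    print("table survived unsafe path:", demo_unsafe(malicious))
    print("hardened path (exists, rows):", demo_hardened("sp"))
    try:
        demo_hardened(malicious)
    except ValueError as exc:
        print("hardened path rejected:", exc)
```

The check belongs at the point where the name is accepted, not where the SQL is built: once a savepoint name has been validated as an identifier, every statement that later embeds it (SAVEPOINT, ROLLBACK TO, RELEASE) is safe to build with an f-string.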
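The second advisory (CVE-2023-41885) says only that `BaseUser.login` leaked enough to enumerate valid usernames, not which signal leaked. The example below is added here and is not Piccolo's code: it assumes the classic channel, a login routine that skips the expensive password check when the username is unknown, and shows it beside a version that always performs exactly one verification. The user store, the PBKDF2 parameters and every name (login_leaky, login_hardened, verification_runs_for) are constructed for the illustration; the verification counter stands in for a stopwatch so the property can be checked deterministically.

```python
import hashlib
import hmac
import os

# Added example, not Piccolo's code. The user store, the hashing parameters
# and the leak channel (unknown usernames skip the expensive check) are
# assumptions made for the illustration.

ITERATIONS = 20_000
SALT = b"constructed-salt"   # constructed; real code uses a per-user random salt


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user table: username -> (salt, PBKDF2 digest).
USERS = {"alice": (SALT, hash_password("correct horse", SALT))}

# Verifying against this never succeeds (a random 32-byte digest, same length
# as a real one so compare_digest does not short-circuit), but it costs
# exactly one PBKDF2 run, the same as verifying a real credential.
DUMMY_CREDENTIAL = (os.urandom(16), os.urandom(32))

verification_runs = 0   # instrumentation standing in for response time


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    global verification_runs
    verification_runs += 1
    return hmac.compare_digest(hash_password(password, salt), expected)


def login_leaky(username: str, password: str):
    """Unknown username: return immediately, no hashing. Known username: one
    PBKDF2 run. The response-time gap tells the caller which names exist."""
    cred = USERS.get(username)
    if cred is None:
        return None
    return username if verify(password, *cred) else None


def login_hardened(username: str, password: str):
    """Always perform exactly one verification, against the dummy credential
    when the username is unknown, so the work done does not depend on
    whether the username exists."""
    salt, expected = USERS.get(username, DUMMY_CREDENTIAL)
    ok = verify(password, salt, expected)
    return username if ok else None


def verification_runs_for(login, username: str, password: str) -> int:
    """Number of PBKDF2 verifications one login attempt triggers."""
    global verification_runs
    verification_runs = 0
    login(username, password)
    return verification_runs


if __name__ == "__main__":
    for fn in (login_leaky, login_hardened):
        print(fn.__name__,
              "known:", verification_runs_for(fn, "alice", "x"),
              "unknown:", verification_runs_for(fn, "nobody", "x"))
```

The run count for the leaky version is 0 for an unknown name and 1 for a known one; the hardened version does 1 in both cases. This removes the hashing-dependent timing difference only; distinct error messages, status codes or other behavioural differences between the two paths would leak the same information and need the same treatment.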