VYPR

rpm package

suse/python-SQLAlchemy&distro=SUSE Package Hub 15

pkg:rpm/suse/python-SQLAlchemy&distro=SUSE%20Package%20Hub%2015

Vulnerabilities (2)

  • CVE-2019-7164Feb 20, 2019
    affected < 1.2.7-bp150.2.3.1fixed 1.2.7-bp150.2.3.1

    SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

  • CVE-2019-7548Feb 6, 2019
    affected < 1.2.7-bp150.2.3.1fixed 1.2.7-bp150.2.3.1

    SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.