Published: 05/06/2012 Updated: 18/01/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in SQLAlchemy prior to 0.7.0b4, as used in Keystone, allow remote malicious users to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.

Vendor Advisories

Synopsis: Moderate: python-sqlalchemy security update. Type/Severity: Security Advisory: Moderate. Topic: An updated python-sqlalchemy package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A ...