SQLAlchemy up to and including 1.2.17 and 1.3.x up to and including 1.3.0b2 allows SQL Injection via the order_by parameter.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
sqlalchemy sqlalchemy 1.3.0 |
||
sqlalchemy sqlalchemy |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
opensuse backports sle 15.0 |
||
opensuse leap 15.0 |
||
opensuse leap 15.1 |
||
redhat enterprise linux 8.0 |
||
redhat enterprise linux eus 8.1 |
||
redhat enterprise linux eus 8.2 |
||
redhat enterprise linux eus 8.4 |
||
redhat enterprise linux server aus 8.2 |
||
redhat enterprise linux server aus 8.4 |
||
redhat enterprise linux server tus 8.2 |
||
redhat enterprise linux server tus 8.4 |
||
oracle communications operations monitor 4.2 |
||
oracle communications operations monitor 4.3 |
Vulmon