CVE-2019-7548

Published: 06/02/2019 Updated: 07/05/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

Affected Products

Vendor | Product | Versions
Sqlalchemy | Sqlalchemy | 1.2.17
Debian | Debian Linux | 8.0

Vendor Advisories

Synopsis: Moderate: python36:36 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the python36:36 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Synopsis: Important: python27:27 security update. Type/Severity: Security Advisory: Important. Topic: An update for the python27:27 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst ...
Debian Bug report logs - #922669 sqlalchemy: CVE-2019-7164 CVE-2019-7548 (SQL injection) Package: src:sqlalchemy; Maintainer for src:sqlalchemy is Piotr Ożarowski <piotr@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 19 Feb 2019 06:51:02 UTC Severity: grave Tags: security, upstream Fo ...
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled ...