In Tortoise ORM prior to 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their case-insensitive counterparts).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tortoise orm project tortoise orm |