CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2022-40023 – python-mako: REDoS in Lexer class
https://notcve.org/view.php?id=CVE-2022-40023
07 Sep 2022 — Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. Sqlalchemy mako versiones anteriores a 1.2.2, es vulnerable a una Denegación de Servicio de expresiones Regulares cuando es usada la clase Lexer para analizar. Esto también afecta a babelplugin y linguaplugin A vulnerability was found in the mako package. Affected versions of this package are vulnerable to Regular expression denial of service... • https://github.com/sqlalchemy/mako/blob/c2f392e0be52dc67d1b9770ab8cce6a9c736d547/mako/ext/extract.py#L21 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 1CVE-2019-7164 – python-sqlalchemy: SQL Injection when the order_by parameter can be controlled
https://notcve.org/view.php?id=CVE-2019-7164
20 Feb 2019 — SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. SQLAlchemy, hasta la versión 1.2.17 y las 1.3.x hasta la 1.3.0b2, permite Inyección SQL mediante el parámetro "order_by". Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. SQLAlche... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 1%CPEs: 16EXPL: 1CVE-2019-7548 – python-sqlalchemy: SQL Injection when the group_by parameter can be controlled
https://notcve.org/view.php?id=CVE-2019-7548
06 Feb 2019 — SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. SQLAlchemy 1.2.17 tiene una inyección SQL cuando el parámetro group_by se puede controlar. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. SQLAlchemy is an Object Relational Mapper that provides a... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 1CVE-2012-0805 – python-sqlalchemy: SQL injection flaw due to not checking LIMIT input for correct type
https://notcve.org/view.php?id=CVE-2012-0805
07 Mar 2012 — Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function. Múltiples vulnerabilidades de inyección SQL en SQLAlchemy antes v0.7.0b4, tal y como se usa en Keystone, permite a atacantes remotos ejecutar comandos SQL a través de las palabras clave (1) limit (límite) o (2) offset (desp... • http://rhn.redhat.com/errata/RHSA-2012-0369.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •