CVE-2012-0805: SQLAlchemy vulnerable to SQL injection
(updated )
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
References
- bugs.launchpad.net/keystone/+bug/918608
- exchange.xforce.ibmcloud.com/vulnerabilities/73756
- github.com/advisories/GHSA-hfg2-wf6j-x53p
- github.com/pypa/advisory-database/tree/main/vulns/sqlalchemy/PYSEC-2012-9.yaml
- github.com/sqlalchemy/sqlalchemy
- github.com/sqlalchemy/sqlalchemy/commit/51fea2e159ca93daa0bc8066a5c35d8436d99418
- nvd.nist.gov/vuln/detail/CVE-2012-0805
- web.archive.org/web/20140721183117/http://secunia.com/advisories/48771
- web.archive.org/web/20140802043526/http://secunia.com/advisories/48328
- web.archive.org/web/20140802044957/http://secunia.com/advisories/48327
Code Behaviors & Features
Detect and mitigate CVE-2012-0805 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →