DSA-2449-1 sqlalchemy -- missing input sanitization
ID: oval:org.secpod.oval:def:600776 | Date: (C)2012-04-19 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that sqlalchemy, an SQL toolkit and object relational mapper for Python, does not sanitize the values passed to the limit and offset keyword arguments of select(), nor the values passed to select.limit() and select.offset(). This allows an attacker to perform SQL injection attacks against applications using sqlalchemy that do not implement their own filtering of these values.
Product: python-sqlalchemy